Jump to content


This topic is now archived and is closed to further replies.


sessions and cookies

Recommended Posts

I realize about sessions, I figured out that sessions send cookies by default, I will eventually do my own sessions handling, but for now I had a question.
Sessions vrs Straight sessionless cookies.  If I have an admin page, and I know it's only 1 admin, never anyone else, if I use her ip, THAT SHE TELLS ME, is her current ip for instance.

EXAMPLE ONLY, not a real ip that I know of.
Ok fake ip number.
For instance if she tells me, "joyel, this is my ip".
I say to her "ok".
then I do this for instance
I have it when she logs into admin, I have her ip already stored, I check for username/password, then I check for HER ip address.  Then I set cookies.  Not sessions but cookies.  THen I log her in, and everything.  a permanent cookie by the way.  With no lifespan.  Then all of a sudden the next time she log's in, I have it setup to check her ip, and make sure it's still the same if not it automatically bans whoever's ip there was.  Is this going to be very secure, I thought it up this morning, is it going to be pretty secure or not necessarily. I was thinking to permanently ban someone, I can have it write information to the htaccess file like you would write any other file, and just write in ip addresses as they get banned, I don't see why it wouldn't work.

Share this post

Link to post
Share on other sites
It would work if she has a static IP address. Many ISPs uses dynamic IP addresses where a new IP address is automatically assigned on either everytime she connects to the internet, each time she loads a webpage, every couple of hours etc. So Storing here IP address isnt such a good idea. Also take into account whether she is behind a proxy. If she is $_SERVER['REMOTE_ADDR'] will not get her IP address but the Proxies IP Address. To get her IP address you want to use $_SERVER['HTTP_X_FORWARDED_FOR'] or any of the other forwarded_for server variables to get her true IP Address rather than the proxy servers.

Share this post

Link to post
Share on other sites


Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.