Archived

This topic is now archived and is closed to further replies.

Ninjakreborn

sessions and cookies
I realize about sessions, I figured out that sessions send cookies by default, I will eventually do my own sessions handling, but for now I had a question.
Sessions vs. straight sessionless cookies.  If I have an admin page, and I know it's only 1 admin, never anyone else, if I use her IP, THAT SHE TELLS ME, is her current IP for instance.

EXAMPLE ONLY, not a real ip that I know of.
244-532-322
Ok fake ip number.
For instance if she tells me, "joyel, this is my ip".
I say to her "ok".
then I do this for instance
I have it when she logs into admin, I have her IP already stored, I check for username/password, then I check for HER IP address.  Then I set cookies.  Not sessions but cookies.  Then I log her in, and everything.  A permanent cookie, by the way.  With no lifespan.  Then all of a sudden the next time she logs in, I have it set up to check her IP, and make sure it's still the same; if not, it automatically bans whoever's IP there was.  Is this going to be very secure? I thought it up this morning, is it going to be pretty secure or not necessarily? I was thinking to permanently ban someone, I can have it write information to the htaccess file like you would write any other file, and just write in IP addresses as they get banned, I don't see why it wouldn't work.
It would work if she has a static IP address. Many ISPs use dynamic IP addresses, where a new IP address is automatically assigned either every time she connects to the internet, each time she loads a webpage, every couple of hours, etc. So storing her IP address isn't such a good idea. Also take into account whether she is behind a proxy. If she is, $_SERVER['REMOTE_ADDR'] will not get her IP address but the proxy's IP address. To get her IP address you want to use $_SERVER['HTTP_X_FORWARDED_FOR'] or any of the other forwarded_for server variables to get her true IP address rather than the proxy server's.
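
An added example, not part of the original thread: X-Forwarded-For is a request header that the client can set to any value, so an IP check (or an automatic ban) should honour it only when the connection itself comes from a proxy you operate. The function name `resolve_client_ip` and the trusted proxy list are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns the address to use for an IP check.
// $trustedProxies lists proxies you operate (assumed; exact-match only).
function resolve_client_ip(array $server, array $trustedProxies): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';

    // Direct connection: the header is whatever the client sent, so ignore it.
    if (!in_array($remote, $trustedProxies, true)) {
        return $remote;
    }

    // Behind our own proxy: read the chain right to left, because each proxy
    // appends the address it saw; entries further left are less trustworthy.
    $chain = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($chain) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed or empty entry: stop trusting the header
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop; // first address that is not one of our proxies
        }
    }
    return $remote; // nothing usable in the header: fall back to the peer
}

// Constructed sample requests (documentation address ranges, not real hosts).
$proxies = ['198.51.100.10'];
$samples = [
    'direct, forged header' => [
        'REMOTE_ADDR' => '203.0.113.7',
        'HTTP_X_FORWARDED_FOR' => '192.0.2.44',
    ],
    'via our proxy' => [
        'REMOTE_ADDR' => '198.51.100.10',
        'HTTP_X_FORWARDED_FOR' => '192.0.2.44',
    ],
    'via our proxy, forged prefix' => [
        'REMOTE_ADDR' => '198.51.100.10',
        'HTTP_X_FORWARDED_FOR' => '10.0.0.1, 192.0.2.44',
    ],
];
foreach ($samples as $label => $server) {
    printf("%-30s => %s\n", $label, resolve_client_ip($server, $proxies));
}
```

In the first sample the forged header is ignored and the peer address is used, which matters if a mismatch triggers a ban written to .htaccess: the banned address is then the one that actually connected, not one chosen by the sender.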