Jump to content


Photo

sessions and cookies


  • Please log in to reply
2 replies to this topic

#1 Ninjakreborn

Ninjakreborn
  • Members
  • PipPipPip
  • Information Technology Specialist
  • 3,922 posts
  • Age:33

Posted 08 August 2006 - 01:33 PM

I realize about sessions, I figured out that sessions send cookies by default, I will eventually do my own sessions handling, but for now I had a question.
Sessions vrs Straight sessionless cookies.  If I have an admin page, and I know it's only 1 admin, never anyone else, if I use her ip, THAT SHE TELLS ME, is her current ip for instance.

EXAMPLE ONLY, not a real ip that I know of.
244-532-322
Ok fake ip number.
For instance if she tells me, "joyel, this is my ip".
I say to her "ok".
then I do this for instance
I have it when she logs into admin, I have her ip already stored, I check for username/password, then I check for HER ip address.  Then I set cookies.  Not sessions but cookies.  THen I log her in, and everything.  a permanent cookie by the way.  With no lifespan.  Then all of a sudden the next time she log's in, I have it setup to check her ip, and make sure it's still the same if not it automatically bans whoever's ip there was.  Is this going to be very secure, I thought it up this morning, is it going to be pretty secure or not necessarily. I was thinking to permanently ban someone, I can have it write information to the htaccess file like you would write any other file, and just write in ip addresses as they get banned, I don't see why it wouldn't work.

------

Business Website: http://www.infotechnologist.biz

Personal Website: http://www.joyelpuryear.com

Blog Site: http://www.realmofwriting.com
Services: Web development, application development, mobile development, and custom development. All services listed on my website.


#2 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 08 August 2006 - 02:21 PM

It would work if she has a static IP address. Many ISPs uses dynamic IP addresses where a new IP address is automatically assigned on either everytime she connects to the internet, each time she loads a webpage, every couple of hours etc. So Storing here IP address isnt such a good idea. Also take into account whether she is behind a proxy. If she is $_SERVER['REMOTE_ADDR'] will not get her IP address but the Proxies IP Address. To get her IP address you want to use $_SERVER['HTTP_X_FORWARDED_FOR'] or any of the other forwarded_for server variables to get her true IP Address rather than the proxy servers.

#3 Ninjakreborn

Ninjakreborn
  • Members
  • PipPipPip
  • Information Technology Specialist
  • 3,922 posts
  • Age:33

Posted 08 August 2006 - 03:41 PM

I didn't know that, I will use that, and keep that in mind thanks.

------

Business Website: http://www.infotechnologist.biz

Personal Website: http://www.joyelpuryear.com

Blog Site: http://www.realmofwriting.com
Services: Web development, application development, mobile development, and custom development. All services listed on my website.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users