Jump to content

sessions and cookies


Ninjakreborn

Recommended Posts

I realize about sessions, I figured out that sessions send cookies by default, I will eventually do my own sessions handling, but for now I had a question.
Sessions vrs Straight sessionless cookies.  If I have an admin page, and I know it's only 1 admin, never anyone else, if I use her ip, THAT SHE TELLS ME, is her current ip for instance.

EXAMPLE ONLY, not a real ip that I know of.
244-532-322
Ok fake ip number.
For instance if she tells me, "joyel, this is my ip".
I say to her "ok".
then I do this for instance
I have it when she logs into admin, I have her ip already stored, I check for username/password, then I check for HER ip address.  Then I set cookies.  Not sessions but cookies.  THen I log her in, and everything.  a permanent cookie by the way.  With no lifespan.  Then all of a sudden the next time she log's in, I have it setup to check her ip, and make sure it's still the same if not it automatically bans whoever's ip there was.  Is this going to be very secure, I thought it up this morning, is it going to be pretty secure or not necessarily. I was thinking to permanently ban someone, I can have it write information to the htaccess file like you would write any other file, and just write in ip addresses as they get banned, I don't see why it wouldn't work.
Link to comment
Share on other sites

It would work if she has a static IP address. Many ISPs uses dynamic IP addresses where a new IP address is automatically assigned on either everytime she connects to the internet, each time she loads a webpage, every couple of hours etc. So Storing here IP address isnt such a good idea. Also take into account whether she is behind a proxy. If she is $_SERVER['REMOTE_ADDR'] will not get her IP address but the Proxies IP Address. To get her IP address you want to use $_SERVER['HTTP_X_FORWARDED_FOR'] or any of the other forwarded_for server variables to get her true IP Address rather than the proxy servers.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.