Join Up! 104886 members and counting!

Login To PHPBuilder User Name: Password: Register A New Site Account * NOTE: This is for logging into the main site only! To login to the forums, click here

Linux Today Enterprise Linux Today Apache Today JustLinux.com Linux Planet PHPBuilder All Linux Devices Hiermenus DatabaseJournal Technology Jobs Covalent Extends Apache 2.0 to Microsoft ASP.NET ShopWorX - Support for Windows PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 Network Risk Assessment Full-Featured, Java-Based Apache GUI A Test To See If You Write Sloppy Software In Case You Missed It...The Week of September 19, 2005 PHP and Regular Expressions 101 Optimizing Postgresql Storing LOB Greater Than 4kb in Oracle Database using PHP

php3-list | 199901

From: Jeremiah Davis (jdavis <email protected>)
Date: 01/13/99

• Next message: Colin Viebrock: "[PHP3] Man! Our design is the best!"
• Previous message: PHP: "[PHP3] [PHP3 -> MSSQL Server]"
• Next in thread: Samuel Liddicott: "RE: [PHP3] $REMOTE_ADDR ??"
• Reply: Samuel Liddicott: "RE: [PHP3] $REMOTE_ADDR ??"
• Maybe reply: Richard Lynch: "RE: [PHP3] $REMOTE_ADDR ??"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Just something I was wondering about.. with all the discussion's about
sessions and security. I was building an authentication script a few
weeks ago. and what I'm doing is setting a cookie to the persons browser
after they log in, with the session ID in it. that is referenced against
a session table. the session table also contains the $REMOTE_ADDR of the
user. so when a user visits a secured page, the page looks up their
session number in the DB, then compares the stored $REMOTE_ADDR with the
users current $REMOTE_ADDR. if they do not match, it kills the session
and directs them to a login screen. What I was wondering is, are there
any browsers that will not transmit the $REMOTE_ADDR ??

Right now this script is just for securing the administration area of a
website so it doesn't matter so much there becuase we have more control
over the population of users accessing it, but there may be some
projects in the near future where I would want to use it to secure pages
on the general public side of a website.

Any insight would be greatly appreciated!

Thanks,

Jeremiah Davis
jdavis <email protected>

--
PHP 3 Mailing List   http://www.php.net/
To unsubscribe send an empty message to php3-unsubscribe <email protected>
To subscribe to the digest list:  php3-digest-subscribe <email protected>
For help: php3-help <email protected>  Archive:  http://www.php.net/mailsearch.php3
List administrator:  zeev <email protected>

• Next message: Colin Viebrock: "[PHP3] Man! Our design is the best!"
• Previous message: PHP: "[PHP3] [PHP3 -> MSSQL Server]"
• Next in thread: Samuel Liddicott: "RE: [PHP3] $REMOTE_ADDR ??"
• Reply: Samuel Liddicott: "RE: [PHP3] $REMOTE_ADDR ??"
• Maybe reply: Richard Lynch: "RE: [PHP3] $REMOTE_ADDR ??"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Columns / Articles | Tips / Quickies | News | News Linking and RSS Feeds | Shared Code Library Mail Archives | Support / Discussion Forums | Get Started! Links | Contribute! | Docs