Ivan Ristic wrote: >>Also, ISPs (like AOL) who use farms of proxy caches will change a users >>apparent ip during a single session. (i.e. concurrent requests may come >>from different ips). >> > > The real IP address can be tracked in most cases (say, using the > HTTP_X_FORWARDED header an others) but I am not really sure that we > should put the logic for that in the PHP engine itself. Users can > add the additional PHP code to their libraries. Anyway, you can > change the session id from the PHP code itself.
Still the IP of the client can change every once in a while when his DHCP lease expires ... or when they use dial-on-demand and automatic hangup as eg. provided by the linux ISDN subsystem? Do you really want client sessions to become invalid every time their ISP decides to assign them a new IP? For my system at home this could make a service unusable as it automaticly hangs up the ISDN line after 60sec without IP traffic and redials on demand (with ISDN you have connect times of <1sec, so you don't even notice you've been disconnected, but you'll notice the effect on the bill if you are charged by connection time). So my Client IP might even be different for every single request if it takes me more than a minute to read a page or fill out a form ... -- Hartmut Holzgraefe [EMAIL PROTECTED] http://www.six.de +49-711-99091-77 Wir stellen für Sie aus auf der CeBIT 2002 und freuen uns in Halle 6 auf Ihren Besuch am Stand H 18 -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
