This won't work because some ISPs will assign a new IP every few
minutes or with each request. I'm thinking of AOL.

On Wed, 23 Jan 2002 18:46:50 -0500, SpamSucks86 wrote:
>The idea of building a website is largely to accommodate as large a
>portion of your visitors as possible. I'm not worried about people
>bookmarking sessionIDs, but what if someone copy/pastes the URL to
>friend and they use the section. My friend gave me an excellent
>and that is to check their IP and store the IP in the session. If
>the IP doesn't match, then start a new session. This would be perfect,
>there's a double check. If someone disconnects to the internet but
>closes their browser, I don't think they should be allowed to
>their session anyway, they should be required to login again.
>-----Original Message-----
>From: Nick Wilson [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, January 23, 2002 3:35 AM
>Subject: Re: [PHP] Need opinion On sessions - Cookies mandatory?
>Hash: SHA1
>* and then Jason G. blurted....
>> If cookies do not work, then you must have a session_id appended
>> URL.  HTTP is a "stateless" protocol.  So every time you make a request via
>> HTTP, you must let PHP know what the session_id is either through
>> or url query strings (or possibly posted with a form).
>Yep, now I'm with you. The amount of times you'd see that kind of
>URL would be fairly minimal in most situations as most users these
>aren't even aware they *can* disable cookies.
>> >> disable cookies, but appending the session ID could be a
>> >> Consider this: Someone is viewing a page and says "oh cool, I
>> >> to see this". He then copy/pastes the URL, sessionID and all,
>> >> who then loads up the page using his friend's SessionID. With
>> >> this would not happen.
>> >
>> >Not a problem. The session is *destroyed* as soon as a user
>> >browser.
>> A session will only be *destroyed* if it uses a cookie. PHP never
>> when you close the browser, but the browser will remove the
>> time you fire up the browser, it will not send the cookie, and a
>> session will be started.
>Sure. But there is some kind of clean on the host machine right? You
>couldn't expect to continue a session a week later because you've
>bookmarked a URL containing a SID.
>I think this is controlled by something like a timeout var in the
>> In my personal experience, using cookies only has not proven to be
>> problem.  Your call.
>When you say using cookies only do you mean 'requiring' the user to
>cookies enabled?
>- --
>Nick Wilson
>Tel:        +45 3325 0688
>Fax:        +45 3325 0677
>Version: GnuPG v1.0.6 (GNU/Linux)
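
The IP check proposed in the quoted message, run against the failure mode raised in the reply (a client whose address changes between requests). This is an added example, not code from the thread; the function names, the prefix-matching variant and the sample addresses are assumptions made for illustration, and the mask arithmetic assumes 64-bit PHP 7 or later.

```php
<?php
// Strict check as proposed in the thread: the session is only honoured
// from the exact address that created it.
function ip_matches_exact(string $stored, string $current): bool
{
    return $stored === $current;
}

// Looser variant (an assumption of this example, not from the thread):
// compare only the first $bits of the IPv4 address, so a client whose
// address moves inside one network keeps its session.
function ip_matches_prefix(string $stored, string $current, int $bits = 16): bool
{
    $a = ip2long($stored);
    $b = ip2long($current);
    if ($a === false || $b === false) {
        return false; // unparsable address: fail closed
    }
    $mask = $bits === 0 ? 0 : (~0 << (32 - $bits)) & 0xFFFFFFFF;
    return ($a & $mask) === ($b & $mask);
}

// Returns the session to use for this request: the existing one if the
// address check passes, otherwise a fresh session that requires login.
function resume_or_restart(array $session, string $clientIp, callable $check): array
{
    if (isset($session['ip']) && $check($session['ip'], $clientIp)) {
        return $session;
    }
    return ['ip' => $clientIp, 'user' => null];
}

// Constructed session and requests (documentation address ranges).
$session  = ['ip' => '198.51.100.10', 'user' => 'alice'];
$requests = [
    'same address'           => '198.51.100.10',
    'address changed, same net' => '198.51.100.77',
    'friend with pasted URL' => '203.0.113.5',
];

foreach ($requests as $label => $ip) {
    $strict = resume_or_restart($session, $ip, 'ip_matches_exact');
    $loose  = resume_or_restart($session, $ip, 'ip_matches_prefix');
    printf("%-26s exact=%-10s prefix=%s\n", $label,
        $strict['user'] === null ? 'restarted' : 'kept',
        $loose['user'] === null ? 'restarted' : 'kept');
}
```

The exact match logs out the legitimate user whose address changed, which is the objection in the reply; the prefix match keeps that user but only tolerates changes inside one network, and both variants reject the pasted URL arriving from an unrelated address.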

PHP General Mailing List (