On Fri, 5 Jul 2002, Kondwani Spike Mkandawire wrote:
> Quick Question on Cookies vs. IP Number:
> They appear to be easy to set (well at least in PHP), hence quite
> easily to get around (The user of your Site simply deletes the
> Cookie on his Hard Drive...)  In Konqueror you are actually
> given the option of rejecting cookies...  Using
> getenv($REMOTE_ADDR) to retrieve someones IP number
> isn't too reliable either in the case that someone is using
> Dial Up...  I just want to get ideas from other PHP Coders as
> to how they secure their Sites and actually keep an accurate
> record as to who and how many people visit  your sites..
> coz even a combination of Cookies and IP would be easily
> by-passed...

IP numbers are pretty useless for this. A given user's IP address can 
change during a session, and multiple users can share IP addresses.

I'm not sure what your concerns about cookies are wrt security; they can
be part of a pretty tight system. Perhaps you could elaborate. For people
who don't accept session cookies, you'll have to pass a token around in
the URL or in a hidden form item.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to