Re: Session IP address matching

From:	Andrea Faulds	Date:	Sat, 25 Jan 2014 02:21:42 +0000
Subject:	Re: Session IP address matching
References:	1	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

On 25/01/14 01:11, Andrey Andreev wrote:
Yes, one can write a custom session handler, but there's a number of
problems with that:

Correct me if I'm wrong, but why would you need to do that? Surely, this would suffice:

    if (!isset($_SESSION['ip'])) {
        $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
    } else if ($_SERVER['REMOTE_ADDR'] !== $_SESSION['ip']) {
        session_destroy();
    }

-- 
Andrea Faulds
http://ajf.me/


   

Thread (29 messages)

• Andrey AndreevSat, 25 Jan 2014 01:11:37 +0000
  • Stas MalyshevSat, 25 Jan 2014 01:20:27 +0000
  • Ferenc KovacsSat, 25 Jan 2014 01:40:28 +0000
    • Andrey AndreevSat, 25 Jan 2014 01:50:32 +0000
      • Stas MalyshevSat, 25 Jan 2014 01:57:06 +0000
        • Stas MalyshevSat, 25 Jan 2014 01:59:54 +0000
  • Andrea FauldsSat, 25 Jan 2014 02:21:42 +0000
    • Andrey AndreevSat, 25 Jan 2014 03:15:12 +0000
      • Lester CaineSat, 25 Jan 2014 09:54:01 +0000
      • Andreas HeiglSat, 25 Jan 2014 14:11:18 +0000
        • Ralf LangSat, 25 Jan 2014 14:35:39 +0000
          • Lester CaineSat, 25 Jan 2014 15:55:03 +0000
        • Andrey AndreevSat, 25 Jan 2014 16:30:17 +0000
          • Lester CaineSat, 25 Jan 2014 17:29:40 +0000
          • Patrick SchaafSat, 25 Jan 2014 20:21:09 +0000
            • Rick WidmerSat, 25 Jan 2014 20:35:34 +0000
              • Sanford WhitemanSat, 25 Jan 2014 21:07:39 +0000