PHP REMOTE_ADDR and secure sessions

Posted by Christopher McCann on Stack Overflow
Published on 2010-05-04T08:15:48Z Indexed on 2010/05/04 8:18 UTC

One of the ways I have used to make securer sessions in the past is to also record the client's IP address and user agent at the handshake. Each time the client moves a page and calls session_start() I also check that the IP address and user agent stored are still the same to prevent hijacking.

But if someone is connecting from, say, a company network then all the users will probably have the same external static IP address and they could also really easily be using the same user agent. Are there other metrics I can use which are local only to the physical machine?

Thanks
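
The check described in the question, as an added example that is not part of the original post: it binds a session to REMOTE_ADDR and the user agent, then runs the comparison against three constructed requests, including a second user behind the same external IP with the same user agent. The function names (`client_fingerprint`, `bind_session`, `session_matches_client`) are hypothetical, and the addresses and user agent string are constructed sample values.

```php
<?php
// Added example; function names are hypothetical, not from the original post.
// In a web request, pass $_SESSION and $_SERVER instead of the sample arrays.

/** Fingerprint of the two values the post records at the handshake. */
function client_fingerprint(array $server): string
{
    $ip = $server['REMOTE_ADDR'] ?? '';
    $ua = $server['HTTP_USER_AGENT'] ?? '';
    // Hash so the raw values are not kept in session storage;
    // the newline keeps the two fields from running together.
    return hash('sha256', $ip . "\n" . $ua);
}

/** Call once, when the session is established (the "handshake"). */
function bind_session(array &$session, array $server): void
{
    $session['fingerprint'] = client_fingerprint($server);
}

/** Call on every request after session_start(); false means a mismatch. */
function session_matches_client(array $session, array $server): bool
{
    return isset($session['fingerprint'])
        && hash_equals($session['fingerprint'], client_fingerprint($server));
}

// --- Constructed sample requests (documentation-range IPs, made-up UA) ---
$original = ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_USER_AGENT' => 'ExampleBrowser/1.0'];
$outside  = ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_USER_AGENT' => 'ExampleBrowser/1.0'];
// A different person on the same company network: same external IP, same UA.
$coworker = ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_USER_AGENT' => 'ExampleBrowser/1.0'];

$session = [];
bind_session($session, $original);

foreach (['original' => $original, 'outside' => $outside, 'coworker' => $coworker] as $who => $req) {
    // Print whether each request would be accepted for the bound session.
    printf("%-8s %s\n", $who, session_matches_client($session, $req) ? 'accepted' : 'rejected');
}
```

The `coworker` request produces the same fingerprint as `original`, which is the shared-network limitation the question raises.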
