PHP REMOTE_ADDR and secure sessions
Posted by Christopher McCann on Stack Overflow
Published on 2010-05-04T08:15:48Z
One of the ways I have used to make sessions more secure in the past is to also record the client's IP address and user agent at the handshake. Each time the client moves to a new page and calls session_start(), I also check that the stored IP address and user agent are still the same to prevent hijacking.
But if someone is connecting from, say, a company network, then all the users will probably have the same external static IP address, and they could also really easily be using the same user agent. Are there other metrics I can use which are local only to the physical machine?
Thanks
© Stack Overflow or respective owner
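The check described in the question, written out as an added example that is not part of the original post. The function names and the `fp` session key are hypothetical; the code binds the session to `REMOTE_ADDR` and the user agent at login and tears the session down on a mismatch.

```php
<?php
declare(strict_types=1);

// Added example: helper names and the 'fp' session key are assumptions.

/** Build a fingerprint from the two values the post records. */
function client_fingerprint(array $server): string
{
    $ip = $server['REMOTE_ADDR'] ?? '';
    $ua = $server['HTTP_USER_AGENT'] ?? '';
    // Hash so raw values are not kept in session storage; "\0" separates the fields.
    return hash('sha256', $ip . "\0" . $ua);
}

/** Call once at login (the "handshake"): fresh session ID plus stored fingerprint. */
function bind_session(array $server): void
{
    session_regenerate_id(true); // discard the pre-login session ID
    $_SESSION['fp'] = client_fingerprint($server);
}

/** Call after session_start() on each protected page; false means the session was destroyed. */
function verify_session(array $server): bool
{
    $stored = $_SESSION['fp'] ?? null;
    if (is_string($stored) && hash_equals($stored, client_fingerprint($server))) {
        return true;
    }
    // Mismatch or unbound session: clear data, expire the cookie, destroy server state.
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
    return false;
}

// Top of a protected page.
session_start();
if (!verify_session($_SERVER)) {
    http_response_code(401);
    exit('Session invalid, please log in again.');
}
```

Two clients behind the same external IP address with the same user agent produce the same fingerprint, which is the limitation the question raises. When PHP sits behind a reverse proxy, `REMOTE_ADDR` is the proxy's address, so every client shares one value for that field.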