How to implement authorization with cookies and binding by ip?

A

Alexander2014-05-18 19:08:47

PHP

Alexander, 2014-05-18 19:08:47

I know how to implement normal authorization with cookies and ip, but how to save authorization in the case of a dynamic ip, I tried to analyze many examples, often I noticed ip binding in cookies. I have no idea how to implement this with a dynamic ip ... Help me figure it out

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

N

Nazar Mokrinsky, 2014-05-18
@nazarpc

So do you want to bind to IP or not to bind? Decide.
If not, do not check the IP for a match, what's the problem?

V

Vanya Zyuzgin, 2014-05-18
@site2life

It is unlikely that this is possible with the conditions that you described. An IP address is generally not a constant thing. A person can work with your site both from a phone via 3G / 4G and from a desktop. Don't bind it to an IP.

A

Alexander Khirenko, 2014-05-18
@Satanpit

As an option, I advise you to write a unique cookie to the browser + save the md5 User Agent in the database in case the cookie is stolen. When logging in, check if the cookie and the User Agent match. It won't work with dynamic IPs.

A

Alexander Kubintsev, 2014-05-19
@akubintsev

I recommend implementing the algorithm described in the article jaspan.com/improved_persistent_login_cookie_best_p...