Answer the question
In order to leave comments, you need to log in
Where can I read an article about the authorization algorithm with IP binding?
Where can I read an article about the authorization algorithm with IP binding. IP is dynamic, how are sessions bound to such IPs?
Answer the question
In order to leave comments, you need to log in
just save the ip in the $SESSION array field and check on each page, if it doesn't match - log out (session_destroy).
If the server is Apache, use the .htaccess php_value auto_prepend_file option for this.
I think it's not good to just bind by IP without cookies, especially since the IP is dynamic - and as an additional check - why not - both the cookie and the IP must match.
Dynamic IP is issued for quite a long time. But the next time the user turns on the computer, he may be given a different IP, and then, for example, the "remember me on this site" checkbox will not work - the cookie will match, but the IP will not.
I will add:
If you do it for yourself, then binding IP to the session will still work.
If you are doing it for public use, then such a binding is a very rash step, since problems will begin with people who work through proxies (and there are a lot of them now).
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question