开发者

PHP Session Cookies fail with users changing IP

I have a login script for a small application that works by storing session cookies and checking them on each page to make sure the user is logged in. One of the two users who uses the system keeps getting logg开发者_如何转开发ed out randomly. This appears to be down to the session cookie that shows then authenticated no longer being present.

After a lot of investigation the only thing I can see that is different about this user is that their IP address is changing (today it was changing every hour (their on Sky)). The only thing is the change of IP address has happened 5 times this morning and only once has the user been logged off.

Has anyone had a similar issue?

Are session cookies in someway tied to IP addresses?

Any help or links much appreciated.

Thanks

C


Are session cookies in someway tied to IP addresses?

No. As long as the browser is connecting to the same IP name serverside it doesn't matter if the clients address changes or goes via a different proxy.

It's more likely that something is getting cached where it shouldn't. (assuming you are doing no validation against IP address).

Have you got your webserver configured to log session ids against the request/client/user agent? (i.e. in the access log)

C.


By default the PHP Session does not account for IP changes. It's only based in the cookie value.

So perhaps maybe there is some customized code in your web app that invalidates the session when a user changes the IP address.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜