0

i want to do if a person login from state A(this is his home town) and after 2 hours the same account login again by another state B. then ask a security Answer.

How i can check this. with the help of cookie or any thing else

Anand Singh
  • 144
  • 4
  • Possible duplicate of http://stackoverflow.com/questions/409999/getting-the-location-from-an-ip-address – Pekka Oct 03 '13 at 03:19
  • @Pekka웃 This isn't quite a duplicate. – Brad Oct 03 '13 at 03:19
  • @Brad the answer ends up being geolocation. It's arguably perfectly acceptable as an additional security measure. When a user logs in from the US, and then from Russia two hours later, it's prudent to ask a security question. – Pekka Oct 03 '13 at 03:20
  • @Pekka웃 That's only part of it. If it was simple geolocation, there would be no problem here. – Brad Oct 03 '13 at 03:21
  • @brad he's not trying to authenticate the user through geolocation. He's looking for clues when it might be prudent to ask a security question - how to detect possibly suspicious patterns. Using geolocation for that is perfectly acceptable practice and employed around the world. If you log in with a U.S. IP at noon, and with a Russian IP at two, something may be up. So you ask a security question. (Of course this needs to be done carefully - your example illustrates that. But you'll agree the average user doesn't have IPs from two continents at the same time.) – Pekka Oct 03 '13 at 03:23

1 Answers1

1

You can't check for this. IP geolocation is not nearly accurate enough.

From my desk right now, I have 3 IP addresses. One in Illinois, another in Missouri (cell phone provider has registered their IPs there), and a proxy server on a VPS in Europe. In addition, it's common for addresses to change regularly.

Consider using two-factor authentication if you want to increase your security standards.

Brad
  • 159,648
  • 54
  • 349
  • 530