0

I have a web application using Java, JSP. I want to make sure a user can only answer the same question on his/her same device ONCE. I try to check IP address on the user's computer. Once the device IP address is used, user can't answer the same question again on the device.

I try to capture the IP address as 

String ip =  request.getRemoteAddr();
System.out.println("IP Address: "+ip);

but the ip printed out as the following. IP Address: 0:0:0:0:0:0:0:1

Please let me how to capture user's device IP address correctly? Or any better way to make sure the same device can't be used twice or more for the same question.

Thanks in advance

UPDATE I added the following code to jsp page trying to capture customer's IP address, but I still keep getting production server IP addresses (I uploaded the app to production site). Could you please let me know why? I should get customers device IP address.

Thanks in advance!

String ip = "";
ip = request.getHeader("X-Forwarded-For");


if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {      
   ip = request.getHeader("Proxy-Client-IP");      
}      
if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {      
   ip = request.getHeader("WL-Proxy-Client-IP");      
}      
if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {      
   ip = request.getRemoteAddr();      
}    
System.out.println("ip: " +ip);
user11117947
  • 31
  • 6
  • 1
    what would happen if the user was assigned an ip address using DHCP? Try getting the mac address – Scary Wombat Apr 23 '19 at 07:16
  • 4
    why check for the same device, check for user credentials instead. Probably it's supposed to stop one user from answering multiple times – Stultuske Apr 23 '19 at 07:17
  • 1
    You're getting the IPv6 address of your computers loopback interface. The `getRemoteAddr()` method is not very reliable, see: https://stackoverflow.com/questions/1423347/problem-with-jsp-getremoteaddress – rdas Apr 23 '19 at 07:18
  • Hi Scary Wombat, Thanks for your post. I tried to get customer's mac using Java or Javascript. However, looks like they can't be done according to links below. If you have a solution for this, please let me know, otherwise, I have to get back to using ip https://stackoverflow.com/questions/36467542/possible-to-get-the-client-mac-address-from-java https://stackoverflow.com/questions/3385/mac-addresses-in-javascript – user11117947 Apr 27 '19 at 22:26
  • Hi Stultuske, Thank you very much for your comments. I don't use user credentials for the app,thanks again. – user11117947 Apr 27 '19 at 22:47
  • Hi rdas, Thanks for the information. – user11117947 Apr 27 '19 at 22:48
  • *"Could you please let me know why?"* - We can't be sure of why. But one possible reason is that your reverse proxy is not setting any of the headers that you are testing for. Check the configs. Also read this: https://stackoverflow.com/questions/14434890/how-to-distinguish-between-known-ip-and-unknown-ip/14435335#14435335, and this: https://stackoverflow.com/questions/14434890/how-to-distinguish-between-known-ip-and-unknown-ip/14435335#14435335. The gist is that it is **impossible** to get the real client IP in some situations. – Stephen C Apr 28 '19 at 08:43

1 Answers1

0

You're getting your loopback IPv6 interface because you're accessing this JSP through localhost. Try opening http://<your local IP>:<your AS port>.

Anyway, to get the remote user IP, first check for X-Forwarded-For header. If the user is accessing your web through a proxy server remoteAddr will be the proxy address and in this header you may have the remote user address.

request.getHeader("X-Forwarded-For")
isalgueiro
  • 1,973
  • 16
  • 20
  • Hi isalgueiro, Thank you very much for your post. I tried your suggestion, but for some reason, I keep getting production server IP instead of user's device IP address. I have updated details in my original post. – user11117947 Apr 28 '19 at 08:38
  • IMHO you're in the right direction @user11117947, print and check the HTTP headers, maybe you need to use a "less standard" header. – isalgueiro Apr 29 '19 at 09:04