Is there any alternative to the $_SERVER['REMOTE_ADDR']. Which returns the ip address of the computer accessing a site. I'm trying to search about same external ip assigned by router, and got into this: How do two computers connect to same external address through NAT? And found out that the same external ip is assigned if the computers are connected to the same modem. I'm creating a simple login program in php which uses $_SERVER['REMOTE_ADDR'] to determine if a user is already logged in somewhere else in the same network. And this won't actually work if those computers are connected to the same modem through the router.
Asked
Active
Viewed 2,143 times
2
-
3Having IP address as the only user validation is a bad idea. You should set up sessions. See http://php.net/manual/en/features.sessions.php – Diarmaid May 12 '11 at 13:25
-
1@Diarmaid or HTTP Auth eg. http://php.net/manual/en/features.http-auth.php – Treffynnon May 12 '11 at 13:26
-
ip address is not sufficient for user authentication (e.g. what will you do if users are behind the same proxy ?), you should use session. – soju May 12 '11 at 13:27
-
5This is not a simple login program, this is a **bad** login program. – ceejayoz May 12 '11 at 13:28
2 Answers
7
No, this is the best you can do. The server only knows where the request is coming from, and that may be a proxy or a NAT router or some other entity which is not the direct enduser. There's nothing you can do about that, that's how networks work.
The solution is simple: Don't use IPs to identify users. Ever. Use cookies.
deceze
- 510,633
- 85
- 743
- 889
-
I haven't said the whole story, I'm actually using sessions to store all the usernames who are logged in. And cookies to store the username and ip locally. – Wern Ancheta May 12 '11 at 14:02
2
Using a more traditional cookie based login solves this. The browser identifies the user by providing a unique token. Ip, as you have discovered, is not unique.
Allain Lalonde
- 91,574
- 70
- 187
- 238