In a portion of a website, I have implemented user authentication and management using 
sessions. When a user first logs in, the $REMOTE_ADDR is stored in a session variable 
$SESSION['ip']. On each of the protected pages, a header.php is included with the 
following code:

if ($SESSION['ip'] != $REMOTE_ADDR){
  header("Location: error.php?err=2");
  die;
}

As you can see, this is an attempt to see if someone is trying to hijack a session. 
The problem is, AOL doesn't like this. Whenever an AOL user logs into the website, the 
session starts successfully, but when the user goes to a protected page, he's 
redirected to error.php?err=2. For some reason, the IP address appears to be changing.

Is this a known issue with AOL? Is the IP really changing from page to page? That 
seems weird. Any way around this, or must I stop using this security approach?

Thanks,

-- 
: Joseph Szobody :
"Computers are like airconditioners: They stop working properly if you open windows."


--
PHP General Mailing List (http://www.php.net/)
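
The check in the post above and the failure it describes, as an added example that is not part of the original message: it runs the strict per-address comparison beside a looser network-prefix comparison over a constructed request sequence. The function names, the addresses (documentation ranges) and the scenario of one client reaching the server through several proxy addresses are assumptions made for illustration.

```php
<?php
// Added illustration, not the poster's code. Function names are hypothetical.

// Strict binding, equivalent to the header.php check: any address change
// between login and a later request rejects the session.
function ip_matches_strict(string $stored, string $current): bool
{
    return $stored === $current;
}

// Relaxed binding: accept the request when the leading $bits of the two
// IPv4 addresses agree (default /24). Unparsable input fails closed.
function ip_matches_prefix(string $stored, string $current, int $bits = 24): bool
{
    if ($bits < 0 || $bits > 32) {
        return false;
    }
    $a = ip2long($stored);
    $b = ip2long($current);
    if ($a === false || $b === false) {
        return false;
    }
    $mask = -1 << (32 - $bits);   // clears the low (32 - $bits) host bits
    return ($a & $mask) === ($b & $mask);
}

// Constructed data: the address recorded at login, then the source address
// of each later request in the same session (assumed proxy pool).
$session  = ['ip' => '198.51.100.17'];
$requests = [
    '198.51.100.17',  // same address as login
    '198.51.100.42',  // different proxy, same /24
    '198.51.100.9',   // different proxy, same /24
    '203.0.113.80',   // different network entirely
];

foreach ($requests as $addr) {
    printf(
        "%-15s strict=%-6s prefix/24=%s\n",
        $addr,
        ip_matches_strict($session['ip'], $addr) ? 'ok' : 'reject',
        ip_matches_prefix($session['ip'], $addr) ? 'ok' : 'reject'
    );
}
```

The prefix comparison accepts any client inside the same /24, so it is a weaker hijack signal than the exact match, and it still rejects a legitimate user whose requests arrive from addresses in different networks.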