Yup, AOL's proxy servers do this. Justin Garrett
"Joseph Szobody" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... In a portion of a website, I have implemented user authentication and management using sessions. When a user first logs in, the $REMOTE_ADDR is stored is a session variable SESSION['ip']. On each of the protected pages, a header.php is included with the following code: if ($SESSION['ip'] != $REMOTE_ADDR){ header("Location: error.php?err=2"); die; } As you can see, this is an attempt to see if someone is trying to hijack a session. The problem is, AOL doesn't like this. Whenever an AOL user logs into the website, the session starts successfully, but when the user goes to a protected page, he's redirected to error.php?err=2. For some reason, the IP address appears to be changing. Is this a known issue with AOL? Is the IP really changing from page to page? That seems weird. Any way around this, or must I stop using this security approach? Thanks, -- : Joseph Szobody : "Computers are like airconditioners: They stop working properly if you open windows." -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
