The fun one for this is AOL - it can shift the IP at virtually every
request, and you recognise the user as someone completely different
It's their form of load balancing for the dial-ins - annoying for web
developers, but must work for them
Philip Arnold
Director
Certified ColdFusion Developer
ASP Multimedia Limited
T: +44 (0)20 8680 1133
"Websites for the real world"
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
**********************************************************************
> -----Original Message-----
> From: Xing Li [mailto:[EMAIL PROTECTED]]
> Sent: 06 January 2001 09:50
> To: CF-Talk
> Subject: OT: CGI.Remote_Addr and client identification...
>
>
> Well..one day I decided I had to add extra security to my custom client
> storage system and what's a better way to do this
> than to record the IP (cgi.remote_addr) when creating the client instance
> and verify the IP stored and real-time IP in addition to the cookie keys
> stored on the browser. However, there was something I hadn't
> planned and it
> really surprised me.
>
> Turns out, MANY, and although not a very high percentage, low thousands if
> you have millions, end users having internet connections whose IPs shift
> from one request to the other! I didn't know this was as wide spread of a
> practice to pay any attention and no one told me this was even been done.
> Because of this, hundreds of people complained wildly about being
> logged off
> the second they authenticate themselves. Heck, I couldn't verify what they
> were trying to say until one user from new Zealand, whose ISP has switched
> to satellite feeds, helped me tracked down the nagging problems.
>
> Turns out her connection ranges from .15 - .18 IP randomly from request to
> request and I assumed she wasn't the only one. So now, the client
> verification is only done on the first two IP classes(?):
> 205.111.444.222 is
> stored as 205.111 for verification.
>
> Thought this might save some headaches to some fellow cfers down
> the road if
> they ever come across this type of problem.
>
> Xing
>
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
