[PHP] $REMOTE_ADDR subnet consistency?

[Nathan]

Hi PHP heads,             I have question regarding $REMOTE_ADDRes consistency. I am developing a custom session library and I need a way to uniquely identify each http client. Hasn’t this has been a never-ending struggle for web developers? Anyways, I’m using the variables $HTTP_USER_AGENT and $HTTP_ACCEPT_ENCODING to help create the session hash and am now considering putting $REMOTE_ADDR into the pot. I know that there are problems with $REMOTE_ADDR, like proxies and NATs, BUT I WAS WONDERING, and now here comes my question, do the first two subnets of an IP address (i.e. 204.57.x.x) typically stay the same, so that they could be relied upon for general authenticity? By grepping through the access logs this appears to be true. Ok and don’t tell me, “Why don’t you just use cookies?” Because we must support non-cookie clients and cookies are not as authentic as IP addresses. Thank you for your brilliant insights to this question.   Nathan Cassano ContractJobHunter Web Developer