Using the built in PHP 4 session support you can do IP checking on the sessions, in fact you should be able to do IP checking with any session library as long as you do it in your application.
Checking the IP when using sessions might give you some additional security but many ISPS use web proxies and caches, while some of these proxies allow you to see the original IP many do not. Additionally the user may be routed through a different proxy depending on the ISP setup which would result in their session being dropped. You might consider using your existing session system over an SSL connection, it would provided increased security without changing your code. The only time I have needed to use anything other than the standard PHP session support was when I needed my sessions to be encrypted on the server, even in this case I just wrote my own session handler and used the PHP 4 functions. If your code is working well there may be little reason to change it, it may be a more responsible decision to wait until your application is undergoing a re-design to change your session handling or it may not be, it all depends on how much time you have, and features you need and are not getting now. If you do decide to go ahead with the IP checking one way to do it is to store the session id and IP address in a database, then add logic to your application that checks the session id against the IP address in the database before the session is started, if they don't match it clears the session variables and starts a blank session. I've done this in the past but found it provided only limited security advantages compared to other things like SSL. Jason On Mon, 2003-02-17 at 21:21, Vincent M. wrote: > Hello, > > I am using the phplib just for the sessions management and unfortunately > this projects seems dead (no?), no official realise using the php4 > session support. > What's more, i am looking for a sessions library which could check the > IP adress of users not only the cookie. In case of bad hats steal cookies... > What I use in my current code is: > page_open(array("sess" => "SIOVA_Session", "auth" => > "SIOVA_Challenge_Auth", "perm" => "SIOVA_Perm")); > $perm->check("user"); > page_close() ; > $auth->auth["perm"] == "admin" ;// and others privilege checks... > $sess->delete() ; > $auth->unauth(); > $auth->logout(); > etc... > > What do you think I should use instead of the phplib, do you think I > should change what I use at this time which works full well :-/ > I do want to use a library checking the cookies AND the IP adresses...to > do something more secure. > > > Thanks for you advises, > Vincent. > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php