Well... one day I decided I had to add extra security to my custom client
storage system, and what better way to do this
than to record the IP (cgi.remote_addr) when creating the client instance
and verify the stored IP against the real-time IP, in addition to the cookie
keys stored on the browser? However, there was something I hadn't planned
for, and it really surprised me.

Turns out MANY end users (not a very high percentage, but low thousands if
you have millions) have internet connections whose IPs shift
from one request to the next! I didn't know this was a widespread enough
practice to pay any attention to, and no one told me this was even being done.
Because of this, hundreds of people complained wildly about being logged off
the second they authenticated themselves. Heck, I couldn't verify what they
were trying to say until one user from New Zealand, whose ISP has switched
to satellite feeds, helped me track down the nagging problems.

Turns out her connection's IP ranges randomly from .15 to .18 from request
to request, and I assumed she wasn't the only one. So now, the client
verification is only done on the first two IP classes (?): 205.111.444.222 is
stored as 205.111 for verification.

Thought this might save some fellow CFers some headaches down the road if
they ever come across this type of problem.

Xing
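
The check described in the post, as an added example that is not part of the original message and not the author's code, sketched in Python rather than ColdFusion: the session stores only the leading 16 bits of the client address and compares that alongside the cookie token. The addresses are constructed from documentation ranges; the function names, the /48 width used for IPv6 and the reason strings are assumptions.

```python
import hmac
import ipaddress
import secrets


def ip_prefix(addr, v4_bits=16, v6_bits=48):
    """Network the address falls in, e.g. '203.0.0.0/16' (first two octets)."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    bits = v4_bits if ip.version == 4 else v6_bits
    return str(ipaddress.ip_network(f"{ip}/{bits}", strict=False))


def create_session(remote_addr, v4_bits=16):
    """Record a random cookie token plus the address prefix seen at login."""
    return {
        "token": secrets.token_urlsafe(32),
        "v4_bits": v4_bits,
        "prefix": ip_prefix(remote_addr, v4_bits),
    }


def verify_request(session, cookie_token, remote_addr):
    """Return (ok, reason). The cookie token is checked first, then the prefix."""
    if not hmac.compare_digest(session["token"].encode(), cookie_token.encode()):
        return False, "bad-token"
    try:
        prefix = ip_prefix(remote_addr, session["v4_bits"])
    except ValueError:
        return False, "bad-address"
    if prefix != session["prefix"]:
        return False, "prefix-changed"
    return True, "ok"


if __name__ == "__main__":
    # Constructed case: one client whose last octet drifts between .15 and .18.
    drifting = ["203.0.113.15", "203.0.113.17", "203.0.113.16", "203.0.113.18"]
    for bits in (32, 16):  # 32 = full-IP match, 16 = first two octets
        s = create_session(drifting[0], v4_bits=bits)
        results = [verify_request(s, s["token"], a)[1] for a in drifting]
        print(f"/{bits}:", results)
    # Same token presented from an unrelated network is rejected.
    s = create_session(drifting[0])
    print(verify_request(s, s["token"], "198.51.100.7"))
```

The prefix match is only a coarse secondary signal; the random cookie token is what authenticates the request.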


Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/