Recording IP addresses to detect session hijack attempts


Earlier in this chapter we showed how to access the IP address of the browser when processing a request. The script shown in Example 9-5 checked the IP address set in the $REMOTE_ADDR variable against a hardcoded value to limit access to users on a particular subnet.

The IP address of the client that sent a request can be used to help prevent session hijacking. If the IP address set in $REMOTE_ADDR variable is recorded as a session variable when a user initially connects to an application, subsequent requests can be checked and allowed only if they are sent from the same IP address.
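The check described above, written out as an added example that is not one of the book's own listings; it assumes a PHP session is in use and reads the client address from $_SERVER['REMOTE_ADDR'] (the modern equivalent of the $REMOTE_ADDR variable referred to here):

```php
<?php
// Added example (not from the book): bind a PHP session to the client IP
// address recorded on the first request, and reject later requests that
// present the same session cookie from a different address.
// Uses $_SERVER['REMOTE_ADDR'] and $_SESSION rather than the
// register_globals-style $REMOTE_ADDR variable.

session_start();

// Compare the address stored in the session with the address of the
// current request. Returns true if the request may proceed.
function ipMatchesSession(array &$session, string $remoteAddr): bool
{
    if (!isset($session['remote_addr'])) {
        // First request of this session: record the client address.
        $session['remote_addr'] = $remoteAddr;
        return true;
    }
    // Constant-time comparison; not strictly needed for an IP string,
    // but a sound habit for any authentication-related check.
    return hash_equals($session['remote_addr'], $remoteAddr);
}

$remoteAddr = $_SERVER['REMOTE_ADDR'] ?? '';

if (!ipMatchesSession($_SESSION, $remoteAddr)) {
    // Possible hijack attempt: log it, discard the session, deny access.
    error_log(sprintf(
        'Session %s bound to %s but request arrived from %s',
        session_id(), $_SESSION['remote_addr'], $remoteAddr
    ));
    session_unset();
    session_destroy();
    header('HTTP/1.1 403 Forbidden');
    echo 'Session rejected.';
    exit;
}

// ... normal request handling for a valid session continues here.
```

As the following paragraph notes, a user whose requests pass through load-balanced proxy servers may appear to change address between requests and would be rejected by this check, so the log entry cannot by itself be read as proof of a hijack.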

Using the IP address as recorded from the HTTP request has limitations. Network administrators often configure proxy servers to hide the originating IP address by replacing it with the address of the proxy server. All users who connect to an application via such a proxy server appear to be located on one machine. Some large sites, such as a large university campus, might even have several proxy servers to balance load, so successive requests coming from a single user might appear to change address.
