RE: [ic] IPs that change with every access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [ic] IPs that change with every access

Subject: RE: [ic] IPs that change with every access
Date: Sun, 24 Jun 2007 02:02:40 +0300
From: "Gert van der Spoel" <suppressed>

> -----Original Message-----
> From: suppressed [mailto:interchange-
> suppressed On Behalf Of Carl Bailey
> Sent: zondag 24 juni 2007 1:52
> To: suppressed
> Subject: Re: [ic] IPs that change with every access
> 
> Kevin Walsh <suppressed> wrote:
> > Grant <suppressed> wrote:
> >> I was looking at [env HTTP_COOKIE] at it looks like my MV_SESSION_ID
> >> cookie is composed of my session ID and my IP address.  I've been
> >> studying my logs a lot lately, and there are a fair amount of
> accesses
> >> made by IP addresses that change with every access, usually just the
> >> end portion of the IP address.  Most of these accesses are clearly
> >> robots, but some of them are clearly not.  Is IC able to keep track
> of
> >> a user's session properly when their IP changes with each access?
> >>
> > Ordinary users should not change their IP address with every request.
> > Spiders might do this, but they should be recognised by the Robot*
> > directives.
> >
> > Users who use a proxy cluster might present themselves from a
> different
> > IP address every now and again.  Similarly, Also, if a user's ISP has
> a
> > weird DHCP setup then it might give the user a new IP address, rather
> > than renew the existing lease, but you shouldn't see that very often
> > in a normal browsing session.
> 
> Yet we see this all the time, primarily from users of AOL, who
> presumably all utilize a proxy cluster.  That makes it a far more
> common occurrence indeed, at least here in the states ;)
> 
> That said, without changing the IC configuration, I have tested this
> situation by modifying the cookie in my browser, so that the IP address
> part no longer matches my actual IP address.  As long as the session ID
> part is constant Interchange does not seem to mind, and the session
> behaves normally, all the way through checkout.

Which does introduce the possibility of session-hijacking. 
Creating larger session ID's can make that more difficult.

CU,

Gert

_______________________________________________
interchange-users mailing list
suppressed
http://www.icdevgroup.org/mailman/listinfo/interchange-users

Follow-Ups:
- Re: [ic] IPs that change with every access
  - From: Peter

References:
- Re: [ic] IPs that change with every access
  - From: Carl Bailey

Prev by Date: Re: [ic] IPs that change with every access
Next by Date: Re: [ic] IPs that change with every access
Previous by thread: Re: [ic] IPs that change with every access
Next by thread: Re: [ic] IPs that change with every access
Index(es):
- Date
- Thread

Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.