WebApp Sec mailing list archives

Re: HTTP Authentication & Source IP Address


From: Dorian Moore <lists () dorianmoore com>
Date: Sat, 30 Nov 2002 15:55:50 +0000

Hiya,

The main reason is that your user might be behind some form of proxy.
Subsequent requests from people on [for instance] AOL may come from
different IP addresses due to the distribution of their proxy service. This
would mean that your GET request for the main page could come from one IP
address, then for subsequent components [be it parts of that page, or other
pages] could come from a different IP address, thus invalidating your
session ID.

There are other reasons, but that's a good enough one.

_d._

on 30/11/02 1:13 pm the person going by the name James Wilkinson at
james.wilkinson () jwit co uk spake :

Hi,

In the recent discussion on HTTP Authentication, it was said (by Bob Lee)
that you can't tie the origin of the request (the IP address) to the
session for reasons that have been discussed here time and time again.

For a recent joiner of this forum, where can I find this discussion, or
could someone please re-iterate the reasons (yet again)?

Thanks.

J.
James Wilkinson
James Wilkinson IT Ltd.
email: james.wilkinson () jwit co uk
Tel: 023 80456076
Mob: 07748 992874
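
The proxy problem described in the reply above, as an added example that is not part of the original thread or written by either poster. The `SessionStore` class, the `strict_ip` flag, the request paths and the addresses (documentation range) are all constructed for illustration; the non-strict mode, which records the address change for monitoring without ending the session, is an assumption added here for comparison.

```python
import secrets

class SessionStore:
    """Toy server-side session table; strict_ip=True pins a session to its first IP."""

    def __init__(self, strict_ip):
        self.strict_ip = strict_ip
        self.sessions = {}      # session id -> {"user", "ip"}
        self.ip_changes = []    # (session id, old ip, new ip), kept for monitoring

    def login(self, user, ip):
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": user, "ip": ip}
        return sid

    def check(self, sid, ip):
        """Return the user name if the request is accepted, else None."""
        sess = self.sessions.get(sid)
        if sess is None:
            return None
        if ip != sess["ip"]:
            self.ip_changes.append((sid, sess["ip"], ip))
            if self.strict_ip:
                del self.sessions[sid]   # session invalidated, user must log in again
                return None
            sess["ip"] = ip              # accept, but remember the latest address
        return sess["user"]


# Constructed sample: one browser loading a page through a proxy farm whose
# egress address differs from request to request.
PAGE_LOAD = [
    ("/index.html", "192.0.2.10"),
    ("/style.css", "192.0.2.11"),
    ("/logo.png", "192.0.2.12"),
    ("/account", "192.0.2.10"),
]

def replay(strict_ip):
    """Replay the page load; return per-request acceptance and the IP-change count."""
    store = SessionStore(strict_ip)
    sid = store.login("alice", PAGE_LOAD[0][1])
    results = [(path, store.check(sid, ip) is not None) for path, ip in PAGE_LOAD]
    return results, len(store.ip_changes)

if __name__ == "__main__":
    for strict in (True, False):
        print("strict_ip =", strict, replay(strict))
```

With strict binding the first address change ends the session, so every later request from the same legitimate user is rejected even when the original address comes back.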



