All geek questions in one place

PHP Session Cookies Do Not Work When Users Change IP Address

I have a login script for a small application that works by saving session cookies and checking them on each page to make sure the user is logged in. One of the two users using the system constantly logs out. It does not seem to be like a session cookie, which indicates that authentication is no longer present.

After a lot of research, the only thing I can see that this is different from this user is that their IP address changes (today it changed every hour (them in Heaven)). The only thing that happened with the IP address change happened 5 times this morning, and only once the user was disconnected.

Has anyone had a similar problem?

Are session cookies in any way tied to IP addresses?

Any help or links that are greatly appreciated.

thanks

FROM

+4
source share
2 answers

Are session cookies in any way tied to IP addresses?

Not. As long as the browser connects to the same IP server, it does not matter if clients access the changes or go through another proxy.

Most likely, something is cached where it should not be. (assuming you are not checking the IP address).

Have you configured your web server to register session IDs with the request / client / user agent? (i.e. in the access log)

FROM.

+3
source

By default, a PHP session does not account for IP address changes. It is based only on cookie value.

It is possible that your web application has certain code that invalidates the session when the user changes the IP address.

+2
source

Source: https://habr.com/ru/post/1301826/

More articles:


All Articles