Lock the session to a specific IP address

[aj123cd]

Can I Lock the session to a specific IP address?

 

If(isset($_SESSION[‘last_ip’] )) == false) {
$_SESSION[‘last_ip’] =$_SESSION[‘REMOT_ADDR’];
}
if($_SESSION[‘last_ip’] != =$_SESSION[‘REMOT_ADDR’]){
session_unset();
session_destroy();
}

thank you in advance

 

[batwimp]

Your question is fairly vague. What exactly are you trying to use this for?

[aj123cd]

store user information on the server for later use

[max_w1]

You can store the info in database with the user's IP, or just place a cookie in users computer with the information. as far as i know, sessions get destroyed when the browser is closed.

[aj123cd]

what about proxy server IP address?

[batwimp]

That's the problem with using IP addresses to keep track of user information. IP addresses can change for a number of reasons. Using IP addresses to store unique user information isn't reliable. The best way to keep track of individual user stuff is to have login functionality.

 

[freeloader]

You could use IP information as an added layer of security.

 

First you need to find the IP address. $_SERVER["REMOTE_ADDR"] isn't always the most reliable. There are some great functions out there, just google for 'php find ip address' or something like that.

 

Best way to store that info is on a database on your server in a field like 'LastIP' and then compare current with last IP and else: send them back to login page.