Why you shouldn't rely entirely on an IP
View Single Post
11-07-2007, 01:17 PM
Join Date: Nov 2007
Originally Posted by
Yea, you can create a pretty good hash of a user though from all the information combined, but to be honest you should never go by any information that is sent by the user. Including potential headers, ip's etc, majority of things like that can be spoofed.
Its best to create a session, and simply have the user login again if they don't have the cookie.
Only way I'd use a fingerprint is to check if this user has changed browsers and ip's more then one then he would have to verify his account on next page view and change his password.(Good idea for a project if anyone likes it)
View Public Profile
Send a private message to Nor
Find More Posts by Nor