Re: NAT Traversal

Fahad Pervaiz wrote:
> What I am trying to do is that,
> I have an ecommerce shopping cart application developed and deployed on many servers. Now I want to put support for the clients having cookies disabled. There are two options to do it.
> 1. Pass session id in the url ($_GET) array (encrypted or unencrypted)
> 2. Store session ID against IP in the database

3. Require cookies

Seriously, I think you'll find the percentage of visitors who will have cookies disabled will be very small.

> Option 1 requires large amount of work and changes required even on all the systems that have the ecommerce application, so that makes it less feasible

Read up on the session.use_trans_sid php.ini setting on this page: http://php.net/session - note that this has security implications.

> Option 2 seems much doable as updates required in the deployed systems is less.
> Theoretically it should work as follows:
> If client is using a proxy then store session id against actual IP + proxy addr
> If client is using NAT then store session against the NAT addr + the internal IP
> If client is not behind nat and not using proxy then store against the public IP

No, you can't do this. Even if you could get the client's local IP you would still be at the mercy of load-balanced proxies where each subsequent request from any given client could come from a different IP.

> That's why I was looking for a way to get the internal ip, somehow
> I don't need to access the client directly but the reason to get his internal IP is to store session id against client's nat addr+internal ip
>
> Hope you get my point

I do, and you're by no means the first person to try to solve this problem. The only reliable(ish) information you can use is an ID you give to the client. Whether that's as a cookie or by passing it back and forth with every request.

I suggest you check out how some of the more popular open source ecommerce projects handle this, but don't necessarily take what they do as the "best" way to do it.

-Stut

PS. For someone with the domain name "ecommerce-xperts.com" you're scaring me!

--
http://stut.net/

On 7/5/07, *Stut* <stuttle@xxxxxxxxx> wrote:

    Please include the list when replying.

    Fahad Pervaiz wrote:
     > Thanks for the reply!!!
     >
     > I need to get the internal IP of the client. Is it possible to get it
     > via javascript?? I have tried to search some scripts but found nothing
     > useful.

    No, you can't. Javascript runs in a sandbox that limits what it can do.

    You could do this by utilising other client-side technology such as
    ActiveX controls or possibly Java. Both would require the user to give
    them permission to access that information.

    However, think about what you are trying to do. Say my local IP is
    192.168.0.5. I go through a gateway (NAT server) at 192.168.0.1 which
    proxies my connections out to the internet with the public IP 80.1.1.1.
    Your server, on the internet, cannot access my local machine
    (192.168.0.5) from outside my network unless the gateway (NAT server)
    forwards ports through to it, which is highly unlikely. So even if you
    could get my local IP it would not be of any use to you.

    Why don't you tell us what you are actually trying to do - there may be
    a better way to do it.

    -Stut

    --
    http://stut.net/

     > On 7/5/07, *Stut* <stuttle@xxxxxxxxx> wrote:
     >
     >     Fahad Pervaiz wrote:
     >      > Hello,
     >      >
     >      > I want to get the actual IP of a client behind NAT or a Firewall.
     >      > Is there any way to traverse NAT to get the actual/real IP of the
     >      > client to check whether it's reachable directly or not.
     >      >
     >      > OR Is there any other way to do that. Plz suggest
     >
     >     No, you can't. And even if you could it wouldn't do you any good.
     >     Think about what NAT does and you'll realise why.
     >
     >     As for firewalls... if there was a way around it there'd be no
     >     point in having the firewall.
     >
     >     -Stut
     >
     >     --
     >     http://stut.net/
     >
     > --
     > Regards
     > Fahad Pervaiz
     > www.ecommerce-xperts.com
     > (Shopping Cart Applications, Framework
     > for Multilingual Web Sites, Web Designs)




--
Regards
Fahad Pervaiz
www.ecommerce-xperts.com
(Shopping Cart Applications, Framework
for Multilingual Web Sites, Web Designs)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
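
An added example, not part of the original thread: a small PHP simulation of why keying a session on the address the server sees (option 2) fails, next to keying on an ID handed to the client, as Stut recommends. The function names, users, items and the 203.0.113.x addresses are constructed for illustration; 80.1.1.1 is the NAT address from Stut's earlier reply.

```php
<?php
// Added illustration, not code from the thread. Users, items and addresses
// are constructed sample data (80.1.1.1 is the NAT address used in the thread).

// Option 2: key the session on the address the server sees.
function sessionKeyByIp(array $req): string
{
    return $req['remote_addr'];
}

// Stut's advice: key on an ID issued to the client and returned on every request.
function sessionKeyByToken(array $req): string
{
    return $req['token'];
}

// Replay requests into a cart store indexed by whatever the key function returns.
function replay(array $requests, callable $keyFn): array
{
    $carts = [];
    foreach ($requests as $req) {
        $carts[$keyFn($req)][] = $req['user'] . ':' . $req['item'];
    }
    return $carts;
}

// One unguessable ID per client, as a session cookie would carry.
$token = [];
foreach (['alice', 'bob', 'carol'] as $user) {
    $token[$user] = bin2hex(random_bytes(16));
}

$requests = [
    // Alice and Bob sit behind the same NAT gateway.
    ['user' => 'alice', 'remote_addr' => '80.1.1.1', 'token' => $token['alice'], 'item' => 'book'],
    ['user' => 'bob', 'remote_addr' => '80.1.1.1', 'token' => $token['bob'], 'item' => 'laptop'],
    // Carol's requests leave through two different load-balanced proxies.
    ['user' => 'carol', 'remote_addr' => '203.0.113.10', 'token' => $token['carol'], 'item' => 'pen'],
    ['user' => 'carol', 'remote_addr' => '203.0.113.11', 'token' => $token['carol'], 'item' => 'ink'],
];

foreach (['ip' => 'sessionKeyByIp', 'token' => 'sessionKeyByToken'] as $name => $keyFn) {
    echo "Sessions keyed by $name:\n";
    foreach (replay($requests, $keyFn) as $key => $cart) {
        printf("  %-32s %s\n", $key, implode(', ', $cart));
    }
}
```

Keyed by address, Alice and Bob end up in one shared cart and Carol's cart is split across two sessions; keyed by token, each of the three clients gets exactly one cart.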


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux