Re: NAT Traversal

Thanks Rick!!!! Is there any solution that you recommend, or is there any
tutorial available that can help in resolving this problem????

Also, I have observed that websites like eBay and Amazon use the option 1
approach, i.e. they pass an encrypted key on each page.




On 7/5/07, replies-lists-a1z2-php@xxxxxxxxxxxxxxxxxxxxx <
replies-lists-a1z2-php@xxxxxxxxxxxxxxxxxxxxx> wrote:

a problem that i see with your approach is that you're not taking into
account the effects of clientA dropping their IPaddress (NATted or
otherwise) and it being picked up by clientB (e.g., in a dhcp
environment). if clientB then connects to your site you'll still treat
it as clientA, with a large data leak resulting. [even item2 in option1
has this problem.]

you need an approach that will uniquely identify the client and won't
be handing one client's data to another client in a new session.

in short, in an open environment, using the ipnumber (or ipnumber pair)
as your key is a bad idea as it will likely result in inconsistencies
and data leaks. neither of which will win you friends, especially in an
ecommerce context.


as a side note, if someone has cookies off there's a good probability
that they have java and javascript turned off too, so if there were a
way to get the client-side ipnumber (in a proxy/NATted environment)
using java/javascript, it's a bit unlikely that it would work for the
user who has already turned off cookies.

  - Rick



------------ Original Message ------------
> Date: Thursday, July 05, 2007 04:38:35 PM +0500
> From: Fahad Pervaiz <fahad.pervaiz@xxxxxxxxx>
> To: Stut <stuttle@xxxxxxxxx>
> Cc: php-general@xxxxxxxxxxxxx
> Subject: Re:  NAT Traversal
>
> What I am trying to do is this:
>
> I have an ecommerce shopping cart application developed and deployed
> on many servers. Now I want to put in support for the clients having
> cookies disabled.
>
> There are two options to do it.
> 1. Pass session id in the url ($_GET) array (encrypted or unencrypted)
> 2. Store session ID against IP in the database
>
> Option 1 requires a large amount of work, and changes are required on
> all the systems that have the ecommerce application, so that makes it
> less feasible.
>
> Option 2 seems much more doable, as fewer updates are required in the
> deployed systems.
> Theoretically it should work as follows:
> If client is using a proxy then store session id against actual IP +
> proxy addr
> If client is using NAT then store session against the NAT addr + the
> internal IP
> If client is not behind NAT and not using proxy then store against the
> public IP
>
> That's why I was looking for a way to get the internal IP, somehow.
>
> I don't need to access the client directly, but the reason to get his
> internal IP is to store session id against client's NAT addr + internal
> IP.
>
> Hope you get my point
>
> On 7/5/07, Stut <stuttle@xxxxxxxxx> wrote:
>>
>> Please include the list when replying.
>>
>> Fahad Pervaiz wrote:
>> > Thanks for the reply!!!
>> >
>> > I need to get the internal IP of the client. Is it possible to get
>> > it via javascript?? I have tried to search some scripts but found
>> > nothing useful.
>>
>> No, you can't. Javascript runs in a sandbox that limits what it can
>> do.
>>
>> You could do this by utilising other client-side technology such as
>> ActiveX controls or possibly Java. Both would require the user to
>> give them permission to access that information.
>>
>> However, think about what you are trying to do. Say my local IP is
>> 192.168.0.5. I go through a gateway (NAT server) at 192.168.0.1
>> which proxies my connections out to the internet with the public IP
>> 80.1.1.1. Your server, on the internet, cannot access my local
>> machine (192.168.0.5) from outside my network unless the gateway
>> (NAT server) forwards ports through to it, which is highly unlikely.
>> So even if you could get my local IP it would not be of any use to
>> you.
>>
>> Why don't you tell us what you are actually trying to do - there may
>> be a better way to do it.
>>
>> -Stut
>>
>> --
>> http://stut.net/
>>
>> > On 7/5/07, Stut <stuttle@xxxxxxxxx> wrote:
>> >
>> >     Fahad Pervaiz wrote:
>> >      > Hello,
>> >      >
>> >      > I want to get the actual IP of a client behind NAT or a
>> >      > Firewall. Is there any way to traverse NAT to get the
>> >      > actual/real IP of the client to check whether it's
>> >      > reachable directly or not?
>> >      >
>> >      > OR is there any other way to do that? Please suggest.
>> >
>> >     No, you can't. And even if you could it wouldn't do you any
>> >     good. Think about what NAT does and you'll realise why.
>> >
>> >     As for firewalls... if there was a way around it there'd be no
>> >     point in having the firewall.
>> >
>> >     -Stut
>> >
>> >     --
>> >     http://stut.net/
>> >
>> >
>> >
>> >
>> > --
>> > Regards
>> > Fahad Pervaiz
>> > www.ecommerce-xperts.com <http://www.ecommerce-xperts.com>
>> > (Shopping Cart Applications, Framework
>> > for Multilingual Web Sites, Web Designs)
>>
>
>
>
> --
> Regards
> Fahad Pervaiz
> www.ecommerce-xperts.com
> (Shopping Cart Applications, Framework
> for Multilingual Web Sites, Web Designs)

---------- End Original Message ----------




--
Regards
Fahad Pervaiz
www.ecommerce-xperts.com
(Shopping Cart Applications, Framework
for Multilingual Web Sites, Web Designs)
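
An added example, not part of the thread and not code from any poster: it contrasts the two options discussed above, showing the data leak Rick describes when a cart is keyed by the address the server sees, against a cart keyed by a random per-session token carried in the URL. `CartStore`, `ipKey`, `newToken` and the sample address are hypothetical names and constructed values; an in-memory array stands in for the database.

```php
<?php
declare(strict_types=1);

// Added illustration only. An in-memory array stands in for the
// "session id against IP" database table from option 2.
final class CartStore
{
    /** @var array<string, list<string>> */
    private array $carts = [];

    public function add(string $key, string $item): void
    {
        $this->carts[$key][] = $item;
    }

    /** @return list<string> */
    public function get(string $key): array
    {
        return $this->carts[$key] ?? [];
    }
}

// Option 2: the key is whatever address the server sees (REMOTE_ADDR).
function ipKey(string $remoteAddr): string
{
    return 'ip:' . $remoteAddr;
}

// Option 1: the key is an unguessable per-session token carried in the URL.
function newToken(): string
{
    return bin2hex(random_bytes(16)); // 128 bits from the CSPRNG
}

$natAddr = '203.0.113.7'; // constructed: one public address, shared or reassigned

// Keyed by IP: client A fills a cart, then client B arrives from the same address.
$byIp = new CartStore();
$byIp->add(ipKey($natAddr), 'A: laptop');
$seenByB = $byIp->get(ipKey($natAddr));

// Keyed by token: each client is issued its own token on its first request.
$byToken = new CartStore();
$tokenA = newToken();
$tokenB = newToken();
$byToken->add($tokenA, 'A: laptop');
$seenByBWithToken = $byToken->get($tokenB);

printf("IP-keyed store, client B sees:    %s\n", json_encode($seenByB));
printf("token-keyed store, client B sees: %s\n", json_encode($seenByBWithToken));
```

PHP's built-in session handling can append the session id to URLs itself when `session.use_trans_sid` is on and `session.use_only_cookies` is off. A URL-borne id can leak through referrers, logs and shared links, so keep it random and short-lived.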
