getting a clearly identifying number for a user who is not logged in getting a clearly identifying number for a user who is not logged in
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

getting a clearly identifying number for a user who is not logged in

Started by mcdezibel, February 11, 2006, 12:20:10 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Print
Go Down Pages1
User actions

mcdezibel

February 11, 2006, 12:20:10 PM
I'm searching for a number that clearly identifies a user who is not logged in on coppermines gallery.

In coppermin.inc.php line 44 found that $this->client_id maybe such a number ...

line 44:  // A hash that's a little specific to the client's configuration
line 45: $this->client_id = md5($_SERVER['HTTP_USER_AGENT'].$_SERVER['SERVER_PROTOCOL'].$CONFIG['site_url']);


I also found that when the users browser is closed and then reopened the value of $this->client_id doesn't change.

What do I have to do to get a number from the coppermine system that changes after the user reopens his browser ?

Some users get a new IP number when reconnecting to the internet. Concerning my problem, wouldn't it then be interessting to add the value $_SERVER["REMOTE_ADDR"] inside md5() line 45 ?

What is the best way to do ?

mcdezibel



Joachim Müller

#1
February 11, 2006, 12:36:57 PM
IP addresses can be spoofed or not sent at all, not a reliable method imo. Most IP addresses for end users are assigned dynamically, so there's little use in tracking them.

Nibbler

#2
February 11, 2006, 01:50:36 PM
Set your own session cookie and use that.
Print
Go Up Pages1
User actions