[Resolved] Is it possible for a truly unique IP?

dbdamnedman

Hello,

I'm having some problems with using IP addresses that are truly unique.

I'm trying to detect REMOTE_ADDR, HTTP_CLIENT_IP, and HTTP_X_FORWARDED_FOR (usually only 2 of the 3 are returned).

I'm using a bit more than that too, here is what it looks like when I create the identity:

$ip1      = $_SERVER['HTTP_USER_AGENT'];
$ip2      = $_SERVER['REMOTE_ADDR'];
$ip3      = $_SERVER['REMOTE_HOST'];
$ip5      = $_SERVER['HTTP_CLIENT_IP'];
$ip6      = $_SERVER['HTTP_X_FORWARDED_FOR'];
$uniqueid = $ip1.$ip2.$ip3.$ip5.$ip6;

I combine them together to use as an identifier for that person, so I know who they are while they browse my site without me having to use sessions and/or cookies.

But there's a problem. The script I made is for students at a school, there computers are all networked. So therefore, it appears to my script that all of the computers are only one.

Is there anything else I can do? Please help, it would be much appreciated.

Thanks in advance.

LordShryku

Sounds like they're all behind a proxy. No way I know of to get around that....

dbdamnedman

Actually, it's the same for my home network which I have 4 computers on, and I'm not behind a proxy.

dbdamnedman

Is there something else unique to a computer besides the IP that I can retrieve via PHP?

ajmoore

Not that it really matters in this case, but they're not necessarily behind a proxy...could be on a network that uses NAT.

The only other unique feature of a computer that I can think of would be the MAC Address, which you're not going to be able to access via php. They're maybe a way to get it using JavaScript, but I doubt it.

Is there any particular reason why you're against using sessions? You don't necessarily have to use cookies to use sessions...the session id can be past in the query string which negates the need for a cookie and still allows you to track individual users.

dbdamnedman

Well, I am no longer against using sessions. 🙂 I was because of the hassle of having to attach it to every URL and form on my website, and I didn't want to use cookies because some people don't have them.

But, whilst browsing the PHP manual, I found that if you have --enable-trans-sid turned on (or if you have PHP 4.2+), the session is transparently kept, so there's no need to cookie it or pass it on. I though it was a cookie at first, but I cleared my cache and cookies and was still logged in. 🙂

With this knowledge, I am changing ALL of my scripts currently running on cookies and query strings and IP-based sessions.

Thanks everyone! 🙂

Moonglobe

it IS a cookie, if the client has those enabled. but the cookie only contains the SID. if they don't support cookies PHP will automatically attach the SID to and links you have (using the php.ini directive url.rewriter_tags).

hope that clarifies things 🙂