I have a login script for a small application that works by storing session cookies and checking them on each page to make sure the user is logged in.
One of the two users who uses the system keeps getting logged out randomly.
This appears to be down to the session cookie that shows then authenticated no longer being present.
After a lot of investigation the only thing I can see that is different about this user is that their IP address is changing (today it was changing every hour (their on Sky)).
The only thing is the change of IP address has happened 5 times this morning and only once has the user been logged off.
Has anyone had a similar issue?
Are session cookies in someway tied to IP addresses?
Any help or links much appreciated.
Thanks
C
No. As long as the browser is connecting to the same IP name serverside it doesn’t matter if the clients address changes or goes via a different proxy.
It’s more likely that something is getting cached where it shouldn’t. (assuming you are doing no validation against IP address).
Have you got your webserver configured to log session ids against the request/client/user agent? (i.e. in the access log)
C.