Posted by Sanders Kaufman on 11/02/07 20:15

"Gordon Burditt" <gordonb.wt8rr@burditt.org> wrote in message
news:13ikt222nmkpvfe@corp.supernews.com...
> >The current user, of course. Or in a word... "currency".

>>While it's true a user can come from any number of IP's - they can only
>>come
>>from one per session.
>
> Incorrect. They can have multiple IPs per page view. If, for
> example, you have a main page, 3 frames, and 16 images, those
> requests could come from 20 different IPs, just to view one page.
> More if any redirects are involved. For reasonably short sessions,
> it is possible that the user will never use the same IP twice.

It's bad bidness to think of framed pages as one page.
Indeed - it's bad bidness to just thing of framed pages at all.
Beyond that - if you're authenticating with one frame, and not telling
another - you've got other problems to deal with.

As for that 16 images being requested by 16 different IP's though - that's
just a bunch of hooey.
Anyone who's doing that is going through GREAT efforts to masque their
identity, not to verify it.


> Oh, yes, users in this situation (e.g. AOL users) may not be able
> to turn this behavior off even if their lives depended on it. Don't
> assume that all AOL users only use AOL to "hide". AOL has customers
> besides spammers and scammers. And most of the SPAM and scams that
> appear to come from AOL don't actually originate there.

What's that - an AOL press release?
This is a technological discussion.
Saying that "not all" AOL users are hackers does nothing to alleviate the
technical fact that AOL is a haven for hackers.
So - leave the fluff to the content providers.


> On the other hand, very large organizations may have a single proxy
> server so there may be tens of thousands of users all with the
> *SAME* IP. These users probably can't turn that off, either, if
> they want any Internet web access at all.
>
>>If that changes from the time that they login to the time they do
>>something
>>secure, you gotta revalidate.
>
> Translation: THEY CAN *NEVER* GET IN. Or at least not within a
> reasonable human lifetime.

Wow - and yet, for all the sites I've built in the past, and all the sites I
host in the present, they get in every day.
I wonder if perhaps you might have misunderstood... just before you launched
into that all-caps screech-fest.


>>This is why banks still have tellers.
>>Most stuff is totally safe to do at an ATM.
>>Some stuff requires a more *personal* transaction.
>
> And apparently that isn't doable via your web site. Perhaps an
> in-person meeting, with 10 bodyguards with machine guns on each
> side would work better.

Oh - you're one of those.
I thought you were just a typical newbie programmer with an attitude.
But you're a real nutter aintcha?

[Back to original message]