is getClientIp() enough to identify a user

Time:06-21

I'm working on a Symfony project and I want to allow users to add products to the cart before they sign up. My idea is to identify the users using getClientIp(). Is this function enough to identify users, or do I need to use other functions?

CodePudding user response:

Authentication and identification is a complex part of programming.

It's not enough to check an IP address (which can simply be changed by several actions).

Because you tagged your question with Symfony, have a look at the Symfony Security package to get it working for you.

Hope this helps you.

CodePudding user response:

No, you cannot use an IP address to identify a specific user.

Why?

  • One public IP address can be shared by multiple users and devices - examples of this scenario include users behind a NAT router on a domestic network, or users behind a proxy server or gateway on an organisational network.

  • Equally, one user or device can use multiple IP addresses. One user can use multiple devices, which can be connected to different IP addresses, and can even switch networks or IP address during one session of usage. Examples of this include switching from Wi-Fi to a mobile data connection on a portable device, or a device/router being allocated a new public IP by their ISP via DHCP.


To address your specific requirement:

If, in your application, you want to allow users to add items to their cart before signing up, one option is to store that data in the Session in PHP. Session data persists on the server for the duration of the current browser session (this is managed by cookies and doesn't depend on a user having logged into your application, and doesn't depend on their IP address either).

Then if the user registers an account during the same session, you keep that Session data and it becomes that specific user's cart. (You can then, for example, more easily do things like have a cart which persists between browser sessions and across all devices where the same user is logged in, because you can tie it to the user record in the database.)
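The session-backed cart described in this answer, as an added example that is not part of the original answer or of Symfony itself. `SessionCart`, `claimFor` and the `$persist` callback are hypothetical names; it assumes PHP 8 with `symfony/http-foundation` installed via Composer, and uses `MockArraySessionStorage` in place of the cookie-backed session so it runs from the command line.

```php
<?php
// Added example. Assumes PHP 8 and: composer require symfony/http-foundation
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\HttpFoundation\Session\Session;
use Symfony\Component\HttpFoundation\Session\SessionInterface;
use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage;

// Hypothetical helper: the cart is one session attribute, productId => quantity.
// Nothing here reads the client IP; the session cookie identifies the visitor.
final class SessionCart
{
    private const KEY = 'cart';

    public function __construct(private SessionInterface $session) {}

    public function add(int $productId, int $qty = 1): void
    {
        if ($productId <= 0 || $qty <= 0) {
            throw new InvalidArgumentException('Invalid product id or quantity');
        }
        $items = $this->session->get(self::KEY, []);
        $items[$productId] = ($items[$productId] ?? 0) + $qty;
        $this->session->set(self::KEY, $items);
    }

    public function items(): array
    {
        return $this->session->get(self::KEY, []);
    }

    // Called once the visitor has registered: hand the items to $persist so they
    // are stored against the user record, then drop the anonymous copy.
    public function claimFor(int $userId, callable $persist): void
    {
        $persist($userId, $this->items());
        $this->session->remove(self::KEY);
        // New session id at the anonymous -> registered change; attributes are kept.
        $this->session->migrate(true);
    }
}

// Constructed demo data: product ids, quantities and user id are made up.
$cart = new SessionCart(new Session(new MockArraySessionStorage()));
$cart->add(42, 2);
$cart->add(42);
$cart->add(7);
$saved = [];
$cart->claimFor(1001, function (int $uid, array $items) use (&$saved) { $saved[$uid] = $items; });
var_dump($saved, $cart->items());
```

In a real controller the `SessionInterface` would come from the current request (for example via `RequestStack::getSession()`), and `$persist` would write the items to the database row for the new user.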
