IP addresses and that

Originally posted by jimslyp69
It all depends on whether it is a public or private IP address. Private IP addresses can be duplicated many times as long as they are all in their own private networks, whereas public ones are allocated to different governmental groups and ISP's. These should not be used more than once on The internet to prevent conflicts. However they can be ...[text shortened]... sed IP addy and broadband users have a fixed one. Although this rule is not rigidly adhered to.

There seems to be a lot of bluffing going on in this thread.

Whether an IP is private or public doesn't even relate to this discussion.

Most of the rest of your post is also irrelevant or just plain wrong.

D

It's all very simple really. I'll explain it one more time and then I'm out of here.

Even though every computer on a given network needs a unique IP-address, the Internet is not one great network of single computers. It's one great network of computers and other networks.

Network A is part of network B. To all the other computers on network B, network A can appear to be a single computer (if configured to masquerade all it's underlying computer's IP-addresses as its own). Network A in turn can contain computers or other networks and so on.

When a serverpage like the one you're currently reading receives a request, it cannot know for sure that the client IP-address and port it receives are in fact from the origin client or from a computer hiding all the clients on it's underlying network.

There are ways to attempt to determine the origin client. It's what the police does if a crime has been committed, but the techniques involved are not available to simple webmasters (besides, it often involves getting court orders to access logs on various servers and hoping the servers keep logs). Thus, Russ and company can't possibly know anything about a user based on their IP (and port).

Which of course is why we have something called generated session id's. If the IP-address was a really reliable source, then we could use that address as the session id. It would even eradicate the problem of hi-jacked sessions on the Internet. But the IP-address is not a reliable source, so as a programmer, you're stuck with the next best: generated session id's sent back and forth between the client and the server using cookies or the URL.