How to make a unique name for $ _SESSION in PHP?

Question

How to make a unique name for $ _SESSION in PHP?

As part of the login system that I am doing, I track failed login attempts for a unique session named after each client:

if($login_failed) {

            // update failed login attempts
            $session_name = 'failed_attempts'.$_SERVER['REMOTE_ADDR'];

            if(!isset($_SESSION[$session_name])) {
                $_SESSION[$session_name] = 1;               
            }
            else {
                $_SESSION[$session_name] += 1;  
            }

}

As you can see, to determine a unique name for each session, I add the user's IP address at the end of the failed_login_attempts line.

If the user reaches 5 unsuccessful attempts, I require that each subsequent attempt be filled with captcha.

I'm just worried that there may be networks where many users are assigned the same IP address, in which case if 1 user cannot log in, they will all start to see captchas, even if only one user needs to show CAPTCHA .

, 2 IP-, , 3 , , .

, IP-, , ?

+3

php networking session ip

TK123 02 '12 2:16

3

, IP-, NAT . uniqid(), . , session_id() .

, , - .

if (failed_login) {
  $_SESSION['failed_logins']++;
}

$threshold = 5;
if ($_SESSION['failed_logins'] >= $threshold) {
   // Do whatever is needed when too many failures occur
}

, , . , , , , .

+1

Michael Berkowski 02 '12 2:18

The best solution would be to flag / increase the column in your user table, and when it reaches 5, activate the tracking code. After a successful login, the reset value is 0.

0

Scott Sep 01 '15 at 14:32

source share

dmp · Accepted Answer · 2012-05-02T02:18:13+0000

, cookie . , .

- .

, , , PHP cookie ( ), , . , . , , php-.

How to make a unique name for $ _SESSION in PHP?

More articles: