RE: AOL issue

by "Jan Morell" <jan_man(at)bellsouth.net>

 Date:  Mon, 9 Sep 2002 14:14:34 -0400
 To:  "Scott Winkle" <swinkle(at)wittenberg.edu>,
<hwg-languages(at)hwg.org>
 In-Reply-To:  wittenberg
I was having the same problem with a shopping cart and AOL users. The cart
was using temp files named with the user's IP address, and AOL users were
regularly seeing other people's things in their shopping cart.

We had to finally go with cookies instead and save the cart temp file with
the process ID as the name instead of the IP.

This may not help you with your situation, but it resonates the degree of
difficulty that AOL's IP assignment process is causing in other areas as
well.

Jan

-----Original Message-----
From: owner-hwg-languages(at)hwg.org [mailto:owner-hwg-languages(at)hwg.org]On
Behalf Of Scott Winkle
Sent: Monday, September 09, 2002 9:44 AM
To: hwg-languages(at)hwg.org
Subject: Re: AOL issue


All,

We are actually having a very similar problem with a new portal we
developed in house using PHP. We are not using any kind of IP checks,
just standard PHP 4 sessions, yet no matter what we do, AOL users can't
log in - it acts as if they never even submitted the login form. Anyone
run into this before, and have any idea what to do to fix it?


Hank Marquardt wrote:

>Unless you *know* a person is coming in on a static IP and wish to have
>an additional check on such, IP checks are simply a *Bad Idea(tm)* for
>the issues you're having.  I sometimes include debugging code in scripts
>that will check the IP before displaying values, but that's because I
>have a fixed series of IPs that I use -- AOL has hundreds (if not
>thousands) of sub-nets -- if you're going to open your screen that much,
>you may as well not screen at all on that criteria.
>
>H
>
>On Sun, Sep 08, 2002 at 08:15:48PM -0400, Keith Sellars wrote:
>
>
>>Isn't there a fixed set of addresses they use though? ... so that
>>theoretically a user's IP address could be matched against the list to see
>>if it were one on the list?
>>
>>Thanks,
>>Keith D Sellars
>>WebGraffix
>>www.webgraffix.com
>>
>>"Making database sites seem easy"
>>
>>----- Original Message -----
>>From: "Rob Taylor - tconsult.com" <rob(at)tconsult.com>
>>To: "Keith Sellars" <Keith(at)webgraffix.com>
>>Sent: Sunday, September 08, 2002 5:41 PM
>>Subject: Re: AOL issue
>>
>>
>>
>>
>>>That is going to cause problems.  IP addresses from AOL dynamically change.
>>>For example, I often open my web stats for my sites and see like 30 AOL
>>>users there.  Truth is they are all the same.  It's just that whenever a
>>>new AOL user requests a page he has a new IP address every time.  So he
>>>looks like 30 different people when he is one and the same.
>>>
>>>Also, requests for IP addresses do not always work regardless of ISP.
>>>There are several types of software you can buy that will mask your
>>>network information so this may not be happening just with AOL people.
>>>
>>>Glad I could help.
>>>
>>>
>>>Rob Taylor
>>>www.tconsult.com
>>>rob(at)tconsult.com
>>>585-367-2483
>>>Customized Internet Solutions for Outdoor People
>>>
>>>
>>>----- Original Message -----
>>>From: "Keith Sellars" <Keith(at)webgraffix.com>
>>>To: <hwg-languages(at)hwg.org>
>>>Sent: Sunday, September 08, 2002 5:17 PM
>>>Subject: Re: AOL issue
>>>
>>>
>>>
>>>
>>>>You know what?  I think you have hit the nail on the head.  We do indeed
>>>>do IP address checks...  Thanks, I'll see what we can do.
>>>>
>>>>Thanks,
>>>>Keith D Sellars
>>>>WebGraffix
>>>>www.webgraffix.com
>>>>
>>>>"Making database sites seem easy"
>>>>
>>>>----- Original Message -----
>>>>From: "Rob Taylor - tconsult.com" <rob(at)tconsult.com>
>>>>To: "Keith Sellars" <Keith(at)webgraffix.com>
>>>>Sent: Sunday, September 08, 2002 5:08 PM
>>>>Subject: Re: AOL issue
>>>>
>>>>
>>>>
>>>>
>>>>>Are there any security checks that involve IP addresses?
>>>>>If so that can be a huge problem since AOL dynamically
>>>>>changes IP addresses on the fly.
>>>>>
>>>>>Rob Taylor
>>>>>www.tconsult.com
>>>>>rob(at)tconsult.com
>>>>>585-367-2483
>>>>>Customized Internet Solutions for Outdoor People
>>>>>
>>>>>
>>>>>
>>>>>----- Original Message -----
>>>>>From: "Keith Sellars" <Keith(at)webgraffix.com>
>>>>>To: <hwg-languages(at)hwg.org>
>>>>>Sent: Sunday, September 08, 2002 4:43 PM
>>>>>Subject: AOL issue
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>Hi everyone.  I have a problem that I cannot correct to this point.  At
>>>>>>www.schoolpad.net, if a teacher logs in using AOL, he/she isn't allowed
>>>>>>to log in properly.  This is becoming quite an issue since the site is
>>>>>>growing in membership.
>>>>>>
>>>>>>To log in as a teacher (if you want to check it out), use "janesmith" as
>>>>>>the username and "112233" as the password.  Does anyone know what could
>>>>>>be peculiar to AOL that could be causing this?  The entire site is
>>>>>>designed in php and implements several different types of security
>>>>>>checks, but they are all done server side so that nothing is
>>>>>>client-dependent (at least not until this issue).  One of the security
>>>>>>checks is that the user, upon successful logging in, is assigned a
>>>>>>random 32 bit session ID, which is used to track the user to ensure that
>>>>>>no one simply changes something in the URL after being logged in and
>>>>>>thus is able to access another user's information improperly.
>>>>>>
>>>>>>Anyway, any suggestions on this one?  (I realize that this is somewhat
>>>>>>vague, but I'll be glad to answer whatever questions I can that will
>>>>>>help diagnose this problem).
>>>>>>
>>>>>>Thanks,
>>>>>>Keith D Sellars
>>>>>>WebGraffix
>>>>>>www.webgraffix.com
>>>>>>
>>>>>>"Making database sites seem easy"
>
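
A small model of the two failures described in this thread (carts keyed by client IP leaking between users, and IP-bound login sessions rejecting users whose requests leave through a rotating proxy pool), added here as an illustration and not code from any poster's site. The proxy addresses, class and function names, and the 128-bit cookie token are assumptions made for the example.

```python
import secrets

# Constructed sample: a shared proxy pool (documentation addresses). Every
# request from any user may leave through any of these addresses.
PROXY_POOL = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]

def request_ips(n, offset):
    """Source IPs the server sees for n consecutive requests from one user."""
    return [PROXY_POOL[(offset + i) % len(PROXY_POOL)] for i in range(n)]

class IpKeyedCart:
    """Cart stored under the client IP: identity is whatever proxy was used."""
    def __init__(self):
        self.store = {}
    def add(self, ip, token, item):
        self.store.setdefault(ip, []).append(item)
    def view(self, ip, token):
        return self.store.get(ip, [])

class TokenKeyedCart:
    """Cart stored under an unguessable token the browser returns in a cookie."""
    def __init__(self):
        self.store = {}
    def add(self, ip, token, item):
        self.store.setdefault(token, []).append(item)
    def view(self, ip, token):
        return self.store.get(token, [])

def shop(cart):
    """Two users add one item each; return what the second user then sees."""
    alice, bob = secrets.token_hex(16), secrets.token_hex(16)
    a_ips, b_ips = request_ips(3, 0), request_ips(3, 1)
    cart.add(a_ips[0], alice, "alice-book")
    cart.add(b_ips[0], bob, "bob-lamp")
    # Bob's later request exits through the proxy Alice used earlier.
    return cart.view(b_ips[2], bob)

def login_survives(bind_to_ip, hops=4):
    """Log in, then send `hops` more requests; return how many are accepted."""
    token = secrets.token_hex(16)
    ips = request_ips(hops + 1, 0)
    session = {"token": token, "ip": ips[0]}   # state saved at login
    accepted = 0
    for ip in ips[1:]:
        ok = secrets.compare_digest(token, session["token"])
        if bind_to_ip:                         # the extra "security check"
            ok = ok and ip == session["ip"]
        accepted += int(ok)
    return accepted
```
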

HWG: hwg-languages mailing list archives, maintained by Webmasters @ IWA