
ISPs (especially mobile ones) sometimes rotate IP addresses in as little as 4 hours. Relying on static IP addresses throughout a client session might be more secure but will result in people getting logged out very frequently.

Plus, even with the most strict filtering, client IP addresses can always be spoofed.




Encoding the IP as part of the session is not very common practice as many people switch their devices between different wifi networks and mobile


Spoofing an IP address is easy. Receiving the packets sent to that address when you don't control that address - not so easy.


MAC address would work for this, no? Wouldn't solve the spoofing but solves the dynamic IP address issue.


MAC addresses are not exposed to web sites, and for good reason. It would be the mother of all supercookies.


Wouldn't a supercookie like that make things more secure though? You could even use it for fingerprinting to help combat things like spam.


MAC address cannot be seen past your local gateway.


MAC addresses aren't sent over the Internet.



