From: Matthew B. <mat...@ou...> - 2007-02-13 11:56:34
Alistair Young wrote:
> looking at the mvnforum code:
>
> if (action.getRemoteAddr().equals(request.getRemoteAddr()) == false) {
>     request.getRequestDispatcher("/mvnplugin/mvnforum/invalidsession.html").forward(request, response);
>     return;
> }
>
> points to AOL being the problem. The IP address has changed since the last
> request.

This is perfectly legal to do and it's not just AOL who do it, although they are one of the biggest. The reason for it is that they have a farm of proxy servers for all web traffic and it seems that users' sessions can move between them (load balancing / fault tolerance). When the user switches proxies the IP changes; the users have no control over which proxy gets used for any request.

The reason for having IP checking is to help prevent session hijacking by stealing a user's cookie.

> Would bod be affected too?

I don't think so as the only thing I think we use the session.getRemoteHost for is usage monitoring.

--
Matthew Buckett
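An added example, not code from mvnforum or from this thread: a stand-alone Java program that runs the strict address comparison quoted above next to a hypothetical prefix-based comparison over a constructed sequence of requests. The class and method names, the choice of a /24 prefix and the addresses (documentation ranges) are all assumptions made for illustration.

```java
public class SessionIpBindingDemo {

    // Strict binding, equivalent to the quoted check: any change of
    // remote address between requests invalidates the session.
    static boolean strictMatch(String boundAddr, String requestAddr) {
        return boundAddr.equals(requestAddr);
    }

    // Hypothetical relaxed binding (an assumption, not mvnforum behaviour):
    // accept the request when the leading dotted-quad octets agree.
    static boolean prefixMatch(String boundAddr, String requestAddr, int octets) {
        String[] a = boundAddr.split("\\.");
        String[] b = requestAddr.split("\\.");
        if (a.length != 4 || b.length != 4) {
            // Not dotted IPv4 (for example IPv6): fall back to the strict check.
            return boundAddr.equals(requestAddr);
        }
        for (int i = 0; i < octets; i++) {
            if (!a[i].equals(b[i])) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Address recorded when the session was created (constructed value).
        String bound = "198.51.100.10";

        // Constructed sample: one user's requests leaving through different
        // proxies of the same farm, then the same cookie arriving from an
        // unrelated network.
        String[] requests = {
            "198.51.100.10",
            "198.51.100.27",
            "198.51.100.10",
            "203.0.113.5"
        };

        for (String addr : requests) {
            System.out.printf("%-15s strict=%-5b prefix24=%b%n",
                    addr,
                    strictMatch(bound, addr),
                    prefixMatch(bound, addr, 3));
        }
    }
}
```

The strict check rejects the second request even though it comes from the same user, which is the invalid-session symptom described in the thread. The prefix check only helps when the proxy farm stays inside one prefix, and it also accepts a stolen cookie presented from that same prefix.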