views:

52

answers:

3

Hi I like to know why can not the container just use IP address of the client to recongize the client. As IP address is unique. Still does it need to create JSESSIONID?

+5  A: 

IP Address is nowhere near unique.

  • It will be the same for people behind a router
  • It can change from request to request
  • Mobile phones tend to go via the same one
  • etc
Noon Silk
IP address is indeed a unique thing. But what you said further is right.
Adeel Ansari
Vinegar; that's semantics, it is a "unique thing" obviously; but it can not uniquely identify an end user, which is what he is asking.
Noon Silk
Also, laptop users who connect to different networks will have different ip addresses and would need to re authenticate.
darren
...people using multiuser computers...
Tom Hawtin - tackline
@Vinegar - the only thing that an IP address uniquely identifies is itself.
Stephen C
+1  A: 

If the client's IP changed, what will happen? And how if the client behind the proxy? Then there will be only one ID for all clients behind that proxy.

nanda
A: 

Are you talking about J2EE containers? I think that part of the reason is that HTTP is stateless.

The whole notion of a session is an abstraction that allows you to do more interesting things via HTTP as a sequence of interactions (e.g., shopping cart). Thus, sessions have a unique ID.

While it is common to have one session per IP, it is not rare to have multiple sessions from the same IP (e.g., think of yourself logged in several times to gmail), some IPs are hidden, and it is even possible to have your IP change during the session and use cookies or client memory to retain the session id.

Uri