views:

18

answers:

1

I've been asked to write code to track IP addresses of visitors to one of my company's online applications in .NET. This is actually the second one I've done, having done another site late last year. I noticed then, and again now, that I sometimes get the same IP address showing up for what I know is another box.....sometimes a co-worker's and sometimes a box not even in this building. The code is pretty straightforward, here's how I get the address:

Dim IPAddress As String = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
If IPAddress = "" Then IPAddress = Request.ServerVariables("REMOTE_ADDR")

I log the results to a database upon users logging in. My testing this morning on my development box, of course, yielded 127.0.0.1.....fine, just what I expected. When I deployed the code on our staging server, I got my actual IP address (I've seen it enough to know it when I see it). All fine.....but then a co-worker in our QA group went in to do some testing and MY IP address was logged in the database. I know with certainty that we don't share that address.

I also recall seeing this during my first deployment, when transactions from customers in various states around the US were logged with MY IP address. I'm not seeing things.....can someone please tell me how this is happening? It's almost like the transaction header is being cached and subsequent calls aren't fetching the new user's info.

Any ideas? Thanks!

A: 

Most likely what you are seeing is a router's IP address. A better way to track users on a web application is to use a cookie to tag them. [Kind of like tagging a wild animal in the woods.] You can then use the ID in the cookie to identify them on return visits.

joe.liedtke