Our website uses an in-house implemented long-polling COMET server to communicate with the web-page on the client machine. A Connection object manages the requests and responses for a single client. The Connection object can live for many hours and deal with several hundred requests from the same client, while they remain "connected" to the server.

My question is: Is it safe to assume that the originating address of requests from a single client over a single session will remain constant? I'd like to make rules to enforce this such that if the client originates from a new ipAddress, they need to start from scratch. I am wondering if there is a common case where requests from a single browser might originate from different ipAddresses at a rate that would make my plan stupid.

A: 

I think that it will depend on the networks in question and also on what user behavior you are actually trying to detect.

Many users are behind network address translators (NATs) and/or network proxies, so you will not be seeing their 'real' or 'local' IP address anyway. For example, if you are on a typical home broadband network, query your local IP address on your machine (e.g. using ipconfig if you are using Windows or Network Utility on a Mac) and compare it to the IP address that a server in another network sees when you contact it (e.g. using a site like http://whatismyipaddress.com/). The server on the internet will see a different address than you are seeing locally.

So you may have a user who is part of a large network that uses only one or two IP addresses externally to communicate with the external web, and the user may 'unplug' from one local network connection and 'plug into' another one, getting a new local IP address, but it would be invisible to you as the connections would still come via the large network's external IP address.

Mick
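
An added example (not code from the question or the answer) of the rule the question proposes: pin the address a session started from and force a restart when a later long-poll request arrives from a different one. `ConnectionRegistry`, `canonical_ip` and the addresses are hypothetical; the peer address is assumed to be the one the server's socket reports, which is the post-NAT address the answer describes, so the session token remains the identifier and the address is only an extra check.

```python
import ipaddress
import secrets


def canonical_ip(addr: str) -> str:
    """Normalise an address so '::ffff:203.0.113.7' equals '203.0.113.7'.

    A dual-stack listener may report the same IPv4 client in either form,
    and a plain string comparison would treat that as an address change.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return str(ip)


class ConnectionRegistry:
    """Hypothetical stand-in for the server's table of Connection objects."""

    def __init__(self):
        # session token -> canonical address seen when the session began
        self._pinned = {}

    def open(self, peer_addr: str) -> str:
        """Start a session and pin it to the address it came from."""
        token = secrets.token_urlsafe(32)
        self._pinned[token] = canonical_ip(peer_addr)
        return token

    def check(self, token: str, peer_addr: str) -> str:
        """Classify one request as 'ok', 'restart' or 'unknown'."""
        pinned = self._pinned.get(token)
        if pinned is None:
            return "unknown"      # no such session (or already dropped)
        if canonical_ip(peer_addr) != pinned:
            del self._pinned[token]
            return "restart"      # address changed: start from scratch
        return "ok"


if __name__ == "__main__":
    reg = ConnectionRegistry()
    # Constructed sample addresses from the documentation ranges.
    tok = reg.open("203.0.113.7")
    for addr in ("203.0.113.7", "::ffff:203.0.113.7", "198.51.100.20"):
        print(addr, "->", reg.check(tok, addr))
```

Two clients behind the same NAT present the same address to this check, so an address match by itself says nothing about which client sent the request.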