Is using a User's IP addr as part of a Cookie's hashed value that I store in the database a bad idea? I read somewhere that since most user's have dynamic IP addresses that it was bad practice to use this as part of the hash. If so what kind of user data should I pull in the hash? Or do I really need to?
Thanks.
While dynamic IP addresses (using DHCP) are an issue, they're not likely to change in small timeframes. The real problem arises from the fact that some users are behind proxies that make requests from different IP addresses all the time.
It might make sense in some Intranet environments, but I believe for a public Internet facing Web site, it's an absolute no-no.
Bad idea. There are a number of large ISPs (AOL worldwide & Virgin cable in the UK among others) that route all their users through a (relatively) small number of proxy servers, but the actual server they use, can and does change between almost every request.
If you do want to uniquely identify particular (non-logged-in) users, without requiring a back-end store, some kind of GUID may be useful.