[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] hidden service

On Sat, 20 Jul 2013 23:44:36 +0000, Pokokohua wrote:
> I am running a hidden service website that uses user sessions made up from
> individual visitors server variables. Unfortunately $_SERVER[ 'REMOTE_ADDR' ]
> is reporting all visitors IPs as

IP addresses are unsuitable for sessions anyway - multiple users
can appear under the same address (proxies/NAT gateways of
mobile providers/hotspot operators) and don't necessarily
stay on the same address (tor users, again mobile devices)

> Is there any way of
> either detecting the last node IP address/apparent ip, to use in making up a
> visitors session, or something original to a TOR visitor that I can
> use, or even another method of creating unique user sessions without a
> user having to log in.

Do you mean 'within a session' or 'recognize a user in a new session
after reboot/browser restart'?

For the latter: No. That's kinda the point. (You may be successful
in setting cookies, depending on what browser is used on the other
end. Hidden service does not necessarily mean 'tor browser bundle'.)

For the former I'd expect cookies to work. (I think you just made
me want to try the cookie thing.)


"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800
tor-talk mailing list