User HTTP requests coming from multiple IP Addresses

by Dan   Last Updated May 15, 2019 16:00 PM

I'm just looking through our web logs and noticed a user who logs in and appears to be using two different IP addresses as he browses the website.

ie. some of the request for images and scripts come from a different IP to the one that requested the login page.

Under what sort of setup would this occur?

Tags : http


Answers 2


This setup is not common, but it is also less rare than you think. It's possible in some scenarios, I can think of the following:

  • Users having more than one connection at home (for reliability or other reasons) and who use a random one for each connection (possible to set it up that way)
  • Using TOR or other VPN/anonymation services can cause users to suddenly switch IP
  • Some strange corporate/offices environments

It's something that you should definitely take into account. When I was working for a very big website I implemented a SSO (Single Sign-on) system that assumed the IP of two subsequent web requests was the same if the user was the same.

Surprisingly to me at the time, dozens of users complained of things being randomly broken, and after some investigation I discovered that all of them had more than one IP. Granted, we received millions of visitors so the percentage is very very tiny, but those people are out there and they can be "legit".

Thomas Bonini
Thomas Bonini
January 21, 2013 02:34 AM

I've just seen the same situation and determined that it's due to our traffic being directed through AWS CloudFront (other CDNs are available), so that's another scenario where you might see this behavior.

Time to rethink my sticky sessions to use something other than IP address. Cookie, anyone?

Daps
Daps
May 15, 2019 15:36 PM

Related Questions


Updated November 20, 2018 23:00 PM

Updated March 27, 2017 13:00 PM

Updated January 27, 2018 20:00 PM

Updated July 16, 2017 09:00 AM

Updated February 18, 2018 06:00 AM