RE: MAC Address -- RPG400-L

3) Some RPG scheme that hasn't been introduced yet.......

There aren't any passive identification schemes that are guaranteed to be unique. Unless you assign static IP's to each device, eventually you will wind up not being able to identify a client.

"The alternative to passive client identification is to play an active role on the server end:

1) When a client begins a session, generate an identifier on the server side and remember it for later so that you can associate it with the state data you're maintaining for the session.

2) Give the identifier to the client and require that the client return it with all subsequent requests that are part of the session.

3) Each time a request arrives that contain the identifier, look up the associated session [on ther server] and interpret the request in the context of the session's current state."

(quoted from, MySQL and Perl for the web by Paul DuBois)

An MD5 checksum is handy, because it's hard to guess, but very unique. Another alternative I already mentioned is a user id and password combination. This identifies a user, rather than a device. I find generally that I would rather associate data with a user than a device. If the user opts to use a different device, he can still access his own data, with no special action required by IT. In the case where data is associated with a device, the user must contact IT to change from one device to another.

In my app, I utilize a user/password combination to generate a session identifier. Session ID's only get generated when the user/password combo is correct. The session identifier looks like a random string of digits. The session identifier is sent by the server to the client, and the client must return it on every request. Nice thing about the session id concept is that the user can log in with the same id/password from more than one device, but the sessions don't get confused by the server.

If the session identifier can't be located in the database, the user is asked to log in again. I expire the session id's every so many days, so that the user is periodically forced to log in again, but they don't have to log in *every* time.

Regards,
Rich

Thanks in advance,
Andy Holmer

-----Original Message-----
From: Rich Duzenbury [mailto:rduz-midrange@xxxxxxxxxxxxxxxxxxx]
Sent: Thursday, November 20, 2003 11:55 AM
To: RPG programming on the AS400 / iSeries
Subject: Re: MAC Address

At 10:18 AM 11/20/03, you wrote:
>Is there any way to tell the MAC address of the client that is
connected
>to my RPG program?  I need to be able to determine if that client has
>connected previously and I can't use the IP address because of DHCP.  I
>am open to other suggestions as well.
>
>

Hmm.  I don't know the answer, but it seems that a MAC address won't be
a
necessarily unique identifier.  What if someone connects through a
gateway
or proxy?  Your program will see the gateways MAC address, not the
end-users.  What if the user has to change their network card?  What if
the
user connects from a home PC or work PC?

The only way to know if a user is connected again is to record their
user
id.  You will have to set up a user id /password mechanism for the most
accurate results.

Regards,
Rich

_______________________________________________
This is the RPG programming on the AS400 / iSeries (RPG400-L) mailing
list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/rpg400-l.


_______________________________________________
This is the RPG programming on the AS400 / iSeries (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/rpg400-l.