Hi,
I am working on an app that will work on desktop and mobile, I want to limit the access for users to a certain country for example "Egypt". Now what is the most secure way to do so, the service will use tokens and HTTPS and everything else that will secure it. But what I am asking is which one of the following is best:
1- Get the location on client side and send the lat, lang or country code like "EG" in an http header.
2- Detect the location on server side only on logins via client IPs (I don't know how to do this? I believe there is a service that can get you the location from IP, but I know that IP addresses sent to server are not the real ones and I don't know if they really point to the client location or not)
3- Let's say Option 2 is the correct way should validate the location with each request or just at login as I said?
Thanks in advance any help will be appreciated
I am working on an app that will work on desktop and mobile, I want to limit the access for users to a certain country for example "Egypt". Now what is the most secure way to do so, the service will use tokens and HTTPS and everything else that will secure it. But what I am asking is which one of the following is best:
1- Get the location on client side and send the lat, lang or country code like "EG" in an http header.
2- Detect the location on server side only on logins via client IPs (I don't know how to do this? I believe there is a service that can get you the location from IP, but I know that IP addresses sent to server are not the real ones and I don't know if they really point to the client location or not)
3- Let's say Option 2 is the correct way should validate the location with each request or just at login as I said?
Thanks in advance any help will be appreciated