Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Development CodeIgniter 3.x CI 3 Session - sess_match_ip only for REMOTE_ADDR?
CI 3 Session - sess_match_ip only for REMOTE_ADDR?
  • Offline Narf
    Me
  • *******
  • Posts: 1,589
    Threads: 1
    Joined: Oct 2014
    Reputation: 121
#2
09-13-2016, 12:40 AM

(09-12-2016, 12:37 PM)michelecom Wrote: Hello everyone,
just a question to understand why in the session_drivers, when the config var 'sess_check_ip' is set to TRUE, 
PHP Code:
//config.php
$config['sess_match_ip'] = TRUE

is considered only the $_SERVER['REMOTE_ADDR'] 

PHP Code:
// Session_files_driver.php
$this->_file_path $this->_config['save_path'].DIRECTORY_SEPARATOR
            .$name // we'll use the session cookie name as a prefix to avoid collisions
            .($this->_config['match_ip'] ? md5($_SERVER['REMOTE_ADDR']) : ''); 


and not the other headers like 'HTTP_X_FORWARDED_FOR' (maybe calling the input->ip_address() funcion).

This can cause issues when on server with a loadbalancer that can serve the site from different ip addresses.

Thank you

This is by design and won't change.

(09-12-2016, 03:58 PM)arma7x Wrote: To match client ip with their current session. If you deploy on server with a load balancer please consider use database,redis or memcache as session driver

This is completely irrelevant.
Reply


Messages In This Thread
RE: CI 3 Session - sess_match_ip only for REMOTE_ADDR? - by Narf - 09-13-2016, 12:40 AM



Theme © iAndrew 2016 - Forum software by © MyBB