Welcome Guest, Not a member yet? Register   Sign In
Session and match_ip ignore proxy
#1

(This post was last modified: 03-13-2017, 01:39 PM by gdhnz.)

Hi,

I've got some proxy IPs set in my config but I've found out if you set $config['sess_match_ip'] = true, then the Session library will not take into account the proxies and will always use $_SERVER['REMOTE_HOST'].

$this->input->ip_address() does take into account the proxy IPs and returns the correct client IP.

Any suggestions?
Reply
#2

Just use $this->input->ip_address() and assign it to your session variables.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#3

(This post was last modified: 03-13-2017, 02:59 PM by gdhnz.)

I've overridden the relevant session driver to set the $CI->input->ip_address() value to a $this->ip_address class variable in the driver constructor and have replaced all instances of $_SERVER['REMOTE_ADDR'] with $this->ip_address.

Is it worth providing a pull request updating all the session drivers?
Reply
#4

No, this is by design and I suggest that you reverse your changes.
Reply
#5

If you don't want me to provide a PR then that's fine but I'm not going to revert my local changes with no explanation when it's doing what I require.
Reply
#6

If it makes any difference to the explanation, I'm on CI v3.1.3.
Reply
#7

(03-13-2017, 03:29 PM)gdhnz Wrote: If you don't want me to provide a PR then that's fine but I'm not going to revert my local changes with no explanation when it's doing what I require.

You're modifying framework files, meaning any upgrades in the future will be much harder for you, or you'll be stuck with the current version forever.
There's easier ways to do what you "require", but at the same time it is not by accident that the library doesn't take proxies into account.

You might get better feedback if you explain why you want this.
Reply
#8

Our web setup uses docker containers behind some proxies. What I see when I use match_ip for sessions is the ip address of the proxies.

All I've done is copy the system/libraries/Sessions/drivers/Session_redis_driver.php file to application/libraries/Sessions/drivers/MY_Session_redis_driver.php and just overrode the methods that used $_SERVER['REMOTE_ADDR'].

According to the documentation, this how you override core files.
Reply
#9

(03-14-2017, 12:14 PM)gdhnz Wrote: Our web setup uses docker containers behind some proxies.  What I see when I use match_ip for sessions is the ip address of the proxies.

All I've done is copy the system/libraries/Sessions/drivers/Session_redis_driver.php file to application/libraries/Sessions/drivers/MY_Session_redis_driver.php and just overrode the methods that used $_SERVER['REMOTE_ADDR'].

According to the documentation, this how you override core files.

If you're overriding the entire driver functionality (and not just the IP filtering), that means you won't get any bugfixes for that driver.
Still, you're explaining what you did, not why.

And even that is besides the point ... To clarify, I see two potential problems:

1. sess_match_ip is not for everybody; chances are you're using it just because it exists and not because you need it.
2. You're relying on (and changing) the framework, instead of properly configuring your environment. Unless you're running Apache with mod_php, it's the httpd that tells PHP what the REMOTE_ADDR value should be - this is where it should be configured; not in your code.
Reply




Theme © iAndrew 2016 - Forum software by © MyBB