[horde] checkSessionIP and proxies
Chuck Hagenbuch
chuck at horde.org
Mon Dec 13 15:44:02 PST 2004
Quoting Juan Germano <jigermano at uolsinectis.com.ar>:
> Hi. I was getting the 'Your Internet Address has changed since the
> beginning of your session. To protect your security, you must login
> again' message altough my IP address hadn't changed. The reason is that we
> have a number of proxies with round bind balance, so
> $_SERVER['REMOTE_ADDR'] changes all the time. I believe
> $_SERVER['HTTP_X_FORWARDED_FOR'] should be used instead in these cases so
> I made the necesary changes. Feel free to correct if you don't like my
> coding style. Also, I'm not so sure one should check for either variable
> available, but maybe set somewhere which one we're using? Are there cases
> where this would break things?
I'd just turn off IP address checking for your case; I'd be concerned
that this
is way too easy to forge.
-chuck
--
"But she goes not abroad in search of monsters to destroy." - John
Quincy Adams
More information about the horde
mailing list