[horde] checkSessionIP and proxies

Juan Germano jigermano at uolsinectis.com.ar
Mon Dec 13 19:56:56 PST 2004


Thanks for your answer. I will turn off ip address checking then.
Thxs again!

On Mon, 13 Dec 2004 18:44:02 -0500, Chuck Hagenbuch <chuck at horde.org>  
wrote:

>
> Quoting Juan Germano <jigermano at uolsinectis.com.ar>:
>
>> Hi. I was getting the 'Your Internet Address has changed since the
>> beginning of your session.  To protect your security, you must login
>> again' message altough my IP address hadn't changed. The reason is that  
>> we
>> have a number of proxies with round bind balance, so
>> $_SERVER['REMOTE_ADDR'] changes all the time. I believe
>> $_SERVER['HTTP_X_FORWARDED_FOR'] should be used instead in these cases  
>> so
>> I made the necesary changes. Feel free to correct if you don't like my
>> coding style. Also, I'm not so sure one should check for either variable
>> available, but maybe set somewhere which one we're using? Are there  
>> cases
>> where this would break things?
>
> I'd just turn off IP address checking for your case; I'd be concerned  
> that this
> is way too easy to forge.
>
> -chuck
>



-- 
j



More information about the horde mailing list