[horde] checkSessionIP and proxies
Juan Germano
jigermano at uolsinectis.com.ar
Mon Dec 13 19:56:56 PST 2004
Thanks for your answer. I will turn off ip address checking then.
Thxs again!
On Mon, 13 Dec 2004 18:44:02 -0500, Chuck Hagenbuch <chuck at horde.org>
wrote:
>
> Quoting Juan Germano <jigermano at uolsinectis.com.ar>:
>
>> Hi. I was getting the 'Your Internet Address has changed since the
>> beginning of your session. To protect your security, you must login
>> again' message altough my IP address hadn't changed. The reason is that
>> we
>> have a number of proxies with round bind balance, so
>> $_SERVER['REMOTE_ADDR'] changes all the time. I believe
>> $_SERVER['HTTP_X_FORWARDED_FOR'] should be used instead in these cases
>> so
>> I made the necesary changes. Feel free to correct if you don't like my
>> coding style. Also, I'm not so sure one should check for either variable
>> available, but maybe set somewhere which one we're using? Are there
>> cases
>> where this would break things?
>
> I'd just turn off IP address checking for your case; I'd be concerned
> that this
> is way too easy to forge.
>
> -chuck
>
--
j
More information about the horde
mailing list