About session fingerprint and load balancer IP change

[Karl_T]

I am currently using Elastic Load Balancing(ELB) from AWS. ELB is the HTTP end point, so the IP address stored in session is the ELB's local IP address instead of the client's IP. Unfortunately, ELB randomly change its local IP address, which induce session change and log anyone out. I tried change the session fingerprint as below.

$config->sessionFingerprint = 12;

However, I am still unable to get the client's IP address correctly. ELB is passing the client's IP with X-Forwarded-For header. How can I store correct IP in session?

I can just set session fingerprint to not tracking IP, but I am building e-commerce site and using Padloper which required IP address. This is why I want to fix this.

[matjazp]

If I remember correctly, Ryan made some modification regarding AWS, be sure to use PW 3.0.60.

[Karl_T]

Thanks for your advise. I just upgraded to 3.0.60 but unfortunately no luck.

[Zeka]

Hi @Karl_T

Why not 

$config->sessionFingerprint = false;

?

[Karl_T]

Hi @Zeka

Although this does the trick to prevent log out, I still would want to get the client's real IP address as stated.

I found that this is not possible right now as the getIP method Processwire using do not have a place for setting to read new header.

I added a feature request for this issue here: https://github.com/processwire/processwire-requests/issues/92

 

Edit: Sorry, I have made a mistake. Setting $config->sessionFingerprint do nothing to IP storing. The way to get the forawrded client's IP is using something like

$sessoin->getIP(false, 2);

instead of 

$sessoin->getIP(); 

The key is the second parameter.

 

I got logged out even though I set

$config->sessionFingerprint = 12;

If I find out the reason I will report back here. I can confirm that my own IP address is fixed.