Karl_T

About session fingerprint and load balancer IP change

5 posts in this topic

I am currently using Elastic Load Balancing(ELB) from AWS. ELB is the HTTP end point, so the IP address stored in session is the ELB's local IP address instead of the client's IP. Unfortunately, ELB randomly change its local IP address, which induce session change and log anyone out. I tried change the session fingerprint as below.

$config->sessionFingerprint = 12;

However, I am still unable to get the client's IP address correctly. ELB is passing the client's IP with X-Forwarded-For header. How can I store correct IP in session?

I can just set session fingerprint to not tracking IP, but I am building e-commerce site and using Padloper which required IP address. This is why I want to fix this.

Share this post


Link to post
Share on other sites

If I remember correctly, Ryan made some modification regarding AWS, be sure to use PW 3.0.60.

Share this post


Link to post
Share on other sites

Hi @Zeka

Although this does the trick to prevent log out, I still would want to get the client's real IP address as stated.

I found that this is not possible right now as the getIP method Processwire using do not have a place for setting to read new header.

I added a feature request for this issue here: https://github.com/processwire/processwire-requests/issues/92

 

Edit: Sorry, I have made a mistake. Setting $config->sessionFingerprint do nothing to IP storing. The way to get the forawrded client's IP is using something like

$sessoin->getIP(false, 2);

instead of 

$sessoin->getIP(); 

The key is the second parameter.

 

I got logged out even though I set

$config->sessionFingerprint = 12;

If I find out the reason I will report back here. I can confirm that my own IP address is fixed.

2 people like this

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.