[Mapbender-dev] mb_user_ip vs. remode_addr
Christoph Baudson
christoph.baudson at wheregroup.com
Tue Feb 3 05:48:32 EST 2009
NAGY, Tamas schrieb:
> Hi folks!
>
> A couple of days ago, I came across an interesting phenomenon and i
> would like to report it now:
>
> If visitors come through multiple web-proxies (the requests are made
> once via proxy-a, once over proxy-b) and want to reach a mapbender GUI
> it is not guaranteed that $_SESSION['mb_user_ip'] will be always equal
> to $_SERVER['REMOTE_ADDR']. Therefore, because in the
> mb_validateSession.php there is a check against these variables
> whether they are equal or not, sometimes it can happen that the login
> form appears for these users.
> In bigger companies where there are more proxy servers it can happen
> that once a web-request is made over proxy-a and once over proxy-b.
Thanks for reporting this issue.
Do you have a suggestion how to improve the current behaviour? Please
feel free to supply a bug fix.
Thanks
Christoph
>
> Best regards,
> wEZO
>
> _______________________________________________
> Mapbender_dev mailing list
> Mapbender_dev at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapbender_dev
--
----------------------------------
FOSSGIS Konferenz 2009
17.-19. März 2009 in Hannover
http://www.fossgis.de/konferenz
----------------------------------
_______________________________________
W h e r e G r o u p GmbH & Co. KG
Siemensstraße 8
53121 Bonn
Germany
Christoph Baudson
Anwendungsentwickler
Fon: +49 (0)228 / 90 90 38 - 15
Fax: +49 (0)228 / 90 90 38 - 11
christoph.baudson at wheregroup.com
www.wheregroup.com
Amtsgericht Bonn, HRA 6788
_______________________________________
Komplementärin:
WhereGroup Verwaltungs GmbH
vertreten durch:
Olaf Knopp, Peter Stamm
_______________________________________
More information about the Mapbender_dev
mailing list