[Mapbender-dev] mb_user_ip vs. remote_addr
NAGY, Tamas
contact at wezo.org
Sat Jan 31 15:20:29 EST 2009
Hi folks!
A couple of days ago, I came across an interesting phenomenon and I
would like to report it now:
If visitors come through multiple web proxies (the requests are made
once via proxy-a, once over proxy-b) and want to reach a Mapbender GUI,
it is not guaranteed that $_SESSION['mb_user_ip'] will always be equal
to $_SERVER['REMOTE_ADDR']. Therefore, because in
mb_validateSession.php there is a check against these variables
whether they are equal or not, sometimes it can happen that the login
form appears for these users.
In bigger companies where there are more proxy servers it can happen
that once a web-request is made over proxy-a and once over proxy-b.
Best regards,
wEZO
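
The behaviour reported above, as an added example that is not part of the original post and is not Mapbender's code: a strict session-to-IP comparison next to a prefix-based comparison, run over constructed requests. The function names, the /24 prefix and the documentation-range addresses are assumptions made for illustration.

```php
<?php
// Added illustration; function names are hypothetical, not Mapbender's code.

// Strict binding as described in the post: stored IP must equal REMOTE_ADDR.
function strictIpMatch(string $sessionIp, string $remoteAddr): bool
{
    return $sessionIp === $remoteAddr;
}

// Relaxed binding (assumption): both addresses must share the first
// $prefixBits bits, e.g. a pool of egress proxies inside one /24.
function prefixIpMatch(string $sessionIp, string $remoteAddr, int $prefixBits = 24): bool
{
    if (filter_var($sessionIp, FILTER_VALIDATE_IP) === false
        || filter_var($remoteAddr, FILTER_VALIDATE_IP) === false) {
        return false; // unparsable address: treat as mismatch
    }
    $a = inet_pton($sessionIp);
    $b = inet_pton($remoteAddr);
    if (strlen($a) !== strlen($b)) {
        return false; // IPv4 vs. IPv6: never the same client prefix
    }
    $prefixBits = max(0, min($prefixBits, strlen($a) * 8));
    $fullBytes = intdiv($prefixBits, 8);
    $remBits = $prefixBits % 8;
    if (substr($a, 0, $fullBytes) !== substr($b, 0, $fullBytes)) {
        return false;
    }
    if ($remBits === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $remBits)) & 0xFF; // high bits of the partial byte
    return (ord($a[$fullBytes]) & $mask) === (ord($b[$fullBytes]) & $mask);
}

// Constructed sample: the session was created through proxy-a.
$sessionIp = '192.0.2.10';
$requests = [
    '192.0.2.10'   => 'proxy-a',
    '192.0.2.11'   => 'proxy-b (same pool)',
    '198.51.100.7' => 'unrelated network',
];
foreach ($requests as $addr => $label) {
    printf("%-13s %-20s strict=%-6s prefix24=%s\n", $addr, $label,
        strictIpMatch($sessionIp, $addr) ? 'ok' : 'login',
        prefixIpMatch($sessionIp, $addr) ? 'ok' : 'login');
}
```

The prefix comparison only keeps the session alive when the proxies share an address prefix, and it binds the session to a network rather than a single host, so the prefix length should be no wider than the known proxy pool.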