[prev in list] [next in list] [prev in thread] [next in thread]
List: mapbender-dev
Subject: [Mapbender-dev] mb_user_ip vs. remode_addr
From: "NAGY, Tamas" <contact () wezo ! org>
Date: 2009-01-31 20:20:29
Message-ID: 20090131212029.jtlwpurg1wkogcwk () dexter ! tvnetwork ! hu
[Download RAW message or body]
Hi folks!
A couple of days ago, I came across an interesting phenomenon and i
would like to report it now:
If visitors come through multiple web-proxies (the requests are made
once via proxy-a, once over proxy-b) and want to reach a mapbender GUI
it is not guaranteed that $_SESSION['mb_user_ip'] will be always equal
to $_SERVER['REMOTE_ADDR']. Therefore, because in the
mb_validateSession.php there is a check against these variables
whether they are equal or not, sometimes it can happen that the login
form appears for these users.
In bigger companies where there are more proxy servers it can happen
that once a web-request is made over proxy-a and once over proxy-b.
Best regards,
wEZO
_______________________________________________
Mapbender_dev mailing list
Mapbender_dev@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/mapbender_dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic