Hi folks!
A couple of days ago, I came across an interesting phenomenon and i
would like to report it now:
If visitors come through multiple web-proxies (the requests are made
once via proxy-a, once over proxy-b) and want to reach a mapbender GUI
it is not guaranteed that $_SESSION['mb_user_ip'] will be always equal
to $_SERVER['REMOTE_ADDR']. Therefore, because in the
mb_validateSession.php there is a check against these variables
whether they are equal or not, sometimes it can happen that the login
form appears for these users.
In bigger companies where there are more proxy servers it can happen
that once a web-request is made over proxy-a and once over proxy-b.
Best regards,
wEZO
_______________________________________________
Mapbender_dev mailing list
[email protected]
http://lists.osgeo.org/mailman/listinfo/mapbender_dev
