2013/1/10 John Iliffe <john.ili...@iliffe.ca>

> I recently made a posting on the Apache users group regarding recovering
> the client IP address using the $_SESSION['REMOTE_ADDR'] function in PHP.
> I received the following caveat from another developer:
> -------------start quote--------------------
> You may want to update that.
> Since 2.4, apache makes the distinction between the the two different
> REMOTE_ADDR candidates: the peer making the TCP connection,
> and the client making the HTTP request.  In other words, the nearest
> proxy and the end-user.  The latter is of course very easy to spoof,
> but is nevertheless the one most applications want.
> --------------end quote--------------------
> Is there any development underway in PHP to have both of these addresses
> available in the $_SESSION global variable?

It's only semi-official, but the whole proxy chain is usually available in

> Regards,
> John
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php


Reply via email to