Wouldn’t you want to check the X-Forwarded-For header and use the user’s real
IP address instead? Not that your request isn’t valid, but you generally want
to ignore the IP address of your proxy and instead get the real IP. Especially
in your logs. You can make Apache do it automatically with something like this
in your config:
<IfModule remoteip_module>
RemoteIPHeader X-Forwarded-For
</IfModule>
Then Apache will pick up the header and use the real IP when logging and
everywhere else, including what Rivet sees in its environment.
Proposing a patch to the session package is not a idea either. :)
Damon
> On Jan 31, 2018, at 1:59 PM, Brice Hamon <normandvik...@gmail.com> wrote:
>
> Hi guys,
>
> We ran into a small problem and wanted to share our findings.
>
> We introduced http load balancers upstream of our apache servers to balance
> the requests.
>
> The result of this is that new user session were created randomly and that
> was an issue for us.
>
> The session package does a look up by IP and sessionID to identify a given
> user.
> But with the load balancers, the incoming IP is always the IP of one of the
> LB.
>
> So Rivet session was creating new session for that user, who was already
> logged in.
>
> We made a quick hack to disable the IP check and that solved the issue.
> We could have made the request sticky but we didn't want that in production.
>
> So should we make this session lookup by IP and sessionID optional with some
> type of flag?
>
> Thank you
> Brice.
---------------------------------------------------------------------
To unsubscribe, e-mail: rivet-dev-unsubscr...@tcl.apache.org
For additional commands, e-mail: rivet-dev-h...@tcl.apache.org
