Not a bad idea, I meant. :) Damon
> On Jan 31, 2018, at 2:02 PM, Damon Courtney <da...@tclhome.com> wrote: > > Wouldn’t you want to check the X-Forwarded-For header and use the user’s real > IP address instead? Not that your request isn’t valid, but you generally want > to ignore the IP address of your proxy and instead get the real IP. > Especially in your logs. You can make Apache do it automatically with > something like this in your config: > > <IfModule remoteip_module> > RemoteIPHeader X-Forwarded-For > </IfModule> > > Then Apache will pick up the header and use the real IP when logging and > everywhere else, including what Rivet sees in its environment. > > Proposing a patch to the session package is not a idea either. :) > > Damon > > >> On Jan 31, 2018, at 1:59 PM, Brice Hamon <normandvik...@gmail.com> wrote: >> >> Hi guys, >> >> We ran into a small problem and wanted to share our findings. >> >> We introduced http load balancers upstream of our apache servers to balance >> the requests. >> >> The result of this is that new user session were created randomly and that >> was an issue for us. >> >> The session package does a look up by IP and sessionID to identify a given >> user. >> But with the load balancers, the incoming IP is always the IP of one of the >> LB. >> >> So Rivet session was creating new session for that user, who was already >> logged in. >> >> We made a quick hack to disable the IP check and that solved the issue. >> We could have made the request sticky but we didn't want that in production. >> >> So should we make this session lookup by IP and sessionID optional with some >> type of flag? >> >> Thank you >> Brice. > --------------------------------------------------------------------- To unsubscribe, e-mail: rivet-dev-unsubscr...@tcl.apache.org For additional commands, e-mail: rivet-dev-h...@tcl.apache.org
