Thank you Damon. This is an interesting suggestion. I'll look into it and report.
Thanks again, Brice. On Wed, Jan 31, 2018 at 3:09 PM, Damon Courtney <da...@tclhome.com> wrote: > Not a bad idea, I meant. :) > > Damon > > > > On Jan 31, 2018, at 2:02 PM, Damon Courtney <da...@tclhome.com> wrote: > > > > Wouldn’t you want to check the X-Forwarded-For header and use the user’s > real IP address instead? Not that your request isn’t valid, but you > generally want to ignore the IP address of your proxy and instead get the > real IP. Especially in your logs. You can make Apache do it automatically > with something like this in your config: > > > > <IfModule remoteip_module> > > RemoteIPHeader X-Forwarded-For > > </IfModule> > > > > Then Apache will pick up the header and use the real IP when logging and > everywhere else, including what Rivet sees in its environment. > > > > Proposing a patch to the session package is not a idea either. :) > > > > Damon > > > > > >> On Jan 31, 2018, at 1:59 PM, Brice Hamon <normandvik...@gmail.com> > wrote: > >> > >> Hi guys, > >> > >> We ran into a small problem and wanted to share our findings. > >> > >> We introduced http load balancers upstream of our apache servers to > balance the requests. > >> > >> The result of this is that new user session were created randomly and > that was an issue for us. > >> > >> The session package does a look up by IP and sessionID to identify a > given user. > >> But with the load balancers, the incoming IP is always the IP of one of > the LB. > >> > >> So Rivet session was creating new session for that user, who was > already logged in. > >> > >> We made a quick hack to disable the IP check and that solved the issue. > >> We could have made the request sticky but we didn't want that in > production. > >> > >> So should we make this session lookup by IP and sessionID optional with > some type of flag? > >> > >> Thank you > >> Brice. > > > >
