diff --git a/docs/Zebra_Session/Zebra_Session.html b/docs/Zebra_Session/Zebra_Session.html index 48520f6..758539c 100644 --- a/docs/Zebra_Session/Zebra_Session.html +++ b/docs/Zebra_Session/Zebra_Session.html @@ -75,6 +75,10 @@
Implements interfaces:
+(Optional) Whether to restrict the session to the same IP as when the session was first opened.
For the actual IP address that is going to be used, the library will check these entries in the $_SERVER superglobal, in this particular order:
- HTTP_CLIENT_IP
- HTTP_X_FORWARDED_FOR
- HTTP_X_FORWARDED
- HTTP_FORWARDED_FOR
- HTTP_FORWARDED
- REMOTE_ADDR
...and use whichever returns a result first.
If you have this turned on but the above logic doesn't get you the IP address that you need, you can pass a callable function and whatever result returned by said function will be used as IP address (it doesn't even need to be an actual IP address but rather anything unique identifying a specific user)
(Optional) Whether to restrict the session to the same IP as when the session was first opened.
For the actual IP address that is going to be used, the library will use the value of $_SERVER['REMOTE_ADDR']
.
If your application is behind a load balancer like an AWS Elastic Load Balancing or a reverse proxy like Varnish, certain request information will be sent using either the standard Forwarded
header or the X-Forwarded-*
headers. In this case, the REMOTE_ADDR
header will likely be the IP address of your reverse proxy while the user's true IP will be stored in a standard Forwarded
header or an X-Forwarded-For
header.
In this case you will need to tell the library which reverse proxy IP addresses to trust and what headers your reverse proxy uses to send information by using a callable
value for this argument:
Use this with caution as users may have a dynamic IP address which may change over time, or may come through proxies. This is mostly useful if you know that all your users come from static IPs.
Default is false
Default is false