diff --git a/docs/Zebra_Session/Zebra_Session.html b/docs/Zebra_Session/Zebra_Session.html index 48520f6..758539c 100644 --- a/docs/Zebra_Session/Zebra_Session.html +++ b/docs/Zebra_Session/Zebra_Session.html @@ -75,6 +75,10 @@

Copyright:

+

Implements interfaces:

+

Methods

@@ -207,17 +211,27 @@
Arguments
boolean|callable $lock_to_ip -

(Optional) Whether to restrict the session to the same IP as when the session was first opened.

For the actual IP address that is going to be used, the library will check these entries in the $_SERVER superglobal, in this particular order:

- HTTP_CLIENT_IP
- HTTP_X_FORWARDED_FOR
- HTTP_X_FORWARDED
- HTTP_FORWARDED_FOR
- HTTP_FORWARDED
- REMOTE_ADDR

...and use whichever returns a result first.

If you have this turned on but the above logic doesn't get you the IP address that you need, you can pass a callable function and whatever result returned by said function will be used as IP address (it doesn't even need to be an actual IP address but rather anything unique identifying a specific user)

  1. +

    (Optional) Whether to restrict the session to the same IP as when the session was first opened.

    For the actual IP address that is going to be used, the library will use the value of $_SERVER['REMOTE_ADDR'].

    If your application is behind a load balancer like an AWS Elastic Load Balancing or a reverse proxy like Varnish, certain request information will be sent using either the standard Forwarded header or the X-Forwarded-* headers. In this case, the REMOTE_ADDR header will likely be the IP address of your reverse proxy while the user's true IP will be stored in a standard Forwarded header or an X-Forwarded-For header.

    In this case you will need to tell the library which reverse proxy IP addresses to trust and what headers your reverse proxy uses to send information by using a callable value for this argument:

    1.     $link,
    2.     'someSecur1tyCode!',
    3.     0,
    4.     false,
    5. +
    6.  
    7.     // one way of using a callable for this argument
    8.     function({
    9. -
    10.         return $_SERVER['whateverYouWant'];
    11. +
    12.         $ipaddress '';
    13. +
    14.         // use the header(s) you choose to trust
    15. +
    16.         foreach (['HTTP_X_FORWARDED_FOR''HTTP_X_FORWARDED''HTTP_FORWARDED_FOR''HTTP_FORWARDED'as $key{
    17. +
    18.             // use the first one containing a value
    19. +
    20.             if (($tmp getenv($key))) {
    21. +
    22.                 $ipaddress $tmp;
    23. +
    24.                 break;
    25. +
    26.             }
    27. +
    28.         }
    29. +
    30.         return $ipaddress;
    31.     }
    32. );
    33. -

    Use this with caution as users may have a dynamic IP address which may change over time, or may come through proxies. This is mostly useful if you know that all your users come from static IPs.

    Default is false

    +

Default is false
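Review bot: The example callable in the new `$lock_to_ip` text never checks that the request came from a trusted reverse proxy before it reads the forwarded headers, even though the paragraph just above it says the caller must tell the library which reverse proxy IP addresses to trust. The `foreach` over `HTTP_X_FORWARDED_FOR`, `HTTP_X_FORWARDED`, `HTTP_FORWARDED_FOR` and `HTTP_FORWARDED` returns the first header that has a value, and a client can set any of these itself, so anyone who copies the example binds the IP lock to a client-chosen value. Suggest the example first compare `$_SERVER['REMOTE_ADDR']` against a list of trusted proxy addresses, then read only the one header that proxy is known to set, and otherwise fall back to `REMOTE_ADDR`. Two smaller points: `return $ipaddress;` yields an empty string when none of the headers is present, so every such client shares the same identifier, and an X-Forwarded-For value can be a comma-separated list, which the example returns whole; the text should say which entry is meant to be used.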

int @@ -381,7 +395,7 @@
Tags
diff --git a/docs/elementindex_Zebra_Session.html b/docs/elementindex_Zebra_Session.html index 106daa0..71c98b7 100644 --- a/docs/elementindex_Zebra_Session.html +++ b/docs/elementindex_Zebra_Session.html @@ -119,7 +119,7 @@

z

diff --git a/docs/index.html b/docs/index.html index 75849f6..d058636 100644 --- a/docs/index.html +++ b/docs/index.html @@ -63,7 +63,7 @@

Zebra_Session - a wrapper for PHP's default session handling functions,