Add new $config->sessionForceIP property that lets you override the return value of $session->getIP()

2025-08-22 14:23:05 +02:00 · 2019-04-19 09:16:58 -04:00
parent 0b98667bc9
commit 761c7640c7
6 changed files with 50 additions and 10 deletions
--- a/wire/config.php
+++ b/wire/config.php
@@ -301,6 +301,30 @@ $config->sessionChallenge = true;
 */
 $config->sessionFingerprint = 1;

+/**
+ * Force current session IP address (overriding auto-detect)
+ * 
+ * This overrides the return value of `$session->getIP()` method.
+ * Use this property only for setting the IP address. To get the IP address
+ * always use the `$session->getIP()` method instead. 
+ * 
+ * This is useful if you are in an environment where the remote IP address 
+ * comes from some property other than the REMOTE_ADDR in $_SERVER. For instance,
+ * if you are using a load balancer, what’s usually detected as the IP address is
+ * actually the IP address between the load balancer and the server, rather than
+ * the client IP address. So in that case, you’d want to set this property as
+ * follows:
+ * ~~~~~
+ * $config->sessionForceIP = $_SERVER['HTTP_X_FORWARDED_FOR'];
+ * ~~~~~
+ * If you don’t have a specific need to override the IP address of the user
+ * then you should leave this blank.
+ * 
+ * @var string
+ * 
+ */
+$config->sessionForceIP = '';
+
 /**
 * Use secure cookies when on HTTPS?
 *