Re: Session IP address matching

From:	Stas Malyshev	Date:	Sat, 25 Jan 2014 10:44:45 +0000
Subject:	Re: Session IP address matching
References:	1 2 3 4 5	Groups:	php.internals
Request:	Send a blank email to internals+get-71555@lists.php.net to get a copy of this message

Hi!

> Still, that is not optimal. The desired effect is to call the session
> file something like:
> 
>     <session.name>_<REMOTE_ADDR(hash)>_<session_id>

I'm sure there's a reason why you want that, but I'm not sure I'm seeing
a generic use case for this for core. Why would most of the core users
care how the session files are named and require them named in a
specific way?

If you want to limit access to sessions to specific IPs only, there
already is an easy way to do it, by overriding SessionHandler. If you
want to make sessions stick to IP, there's also pretty easy way to do it
too. So I wonder - why change the core if it can already easily be done
with what we have?
-- 
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227


   

Thread (29 messages)

• Andrey AndreevSat, 25 Jan 2014 01:11:37 +0000
  • Stas MalyshevSat, 25 Jan 2014 01:20:27 +0000
  • Ferenc KovacsSat, 25 Jan 2014 01:40:28 +0000
    • Andrey AndreevSat, 25 Jan 2014 01:50:32 +0000
      • Stas MalyshevSat, 25 Jan 2014 01:57:06 +0000
        • Stas MalyshevSat, 25 Jan 2014 01:59:54 +0000
  • Andrea FauldsSat, 25 Jan 2014 02:21:42 +0000
    • Andrey AndreevSat, 25 Jan 2014 03:15:12 +0000
      • Lester CaineSat, 25 Jan 2014 09:54:01 +0000
      • Andreas HeiglSat, 25 Jan 2014 14:11:18 +0000
        • Ralf LangSat, 25 Jan 2014 14:35:39 +0000
          • Lester CaineSat, 25 Jan 2014 15:55:03 +0000
        • Andrey AndreevSat, 25 Jan 2014 16:30:17 +0000
          • Lester CaineSat, 25 Jan 2014 17:29:40 +0000
          • Patrick SchaafSat, 25 Jan 2014 20:21:09 +0000
            • Rick WidmerSat, 25 Jan 2014 20:35:34 +0000
              • Sanford WhitemanSat, 25 Jan 2014 21:07:39 +0000