Skip to content
Browse files

Added verify_remote_ip option so that same-IP session checking can be…

… disabled if required
  • Loading branch information...
1 parent d734eec commit 147810c6a73e7ad07d9946d1eec91a23cf8f5f5a @helenst helenst committed
Showing with 10 additions and 4 deletions.
  1. +3 −2 tests/session_test.py
  2. +6 −1 tornadio2/router.py
  3. +1 −1 tornadio2/session.py
View
5 tests/session_test.py
@@ -23,7 +23,8 @@ def __init__(self, conn):
heartbeat_interval=12,
enabled_protocols=['websocket', 'flashsocket', 'xhr-polling',
'jsonp-polling', 'htmlfile'],
- xhr_polling_timeout=20
+ xhr_polling_timeout=20,
+ verify_remote_ip=True,
)
self.stats = stats.StatsCollector()
@@ -79,7 +80,7 @@ def on_message(self, message):
def on_event(self, name, args=[], kwargs=dict()):
if args:
self.events.append((name, args))
- self.emit(name, *args)
+ self.emit(name, *args)
else:
self.events.append((name, kwargs))
self.emit(name, **kwargs)
View
7 tornadio2/router.py
@@ -58,7 +58,12 @@
'global_heartbeats': True,
# Client timeout adjustment in seconds. If you see your clients disconnect without a
# reason, increase this value.
- 'client_timeout': 5
+ 'client_timeout': 5,
+ # Verify remote IP. May want to disable this for some setups. Some networks send traffic
+ # from same client, different IP each time. If you set this to False, TornadIO will not
+ # check the session ID against IP address. This has consequences for spoofing sessions and
+ # so on, so use with extreme caution.
+ 'verify_remote_ip': True,
}
View
2 tornadio2/session.py
@@ -145,7 +145,7 @@ def set_handler(self, handler):
return False
# If IP address don't match - refuse connection
- if handler.request.remote_ip != self.remote_ip:
+ if self.server.settings['verify_remote_ip'] and handler.request.remote_ip != self.remote_ip:
logging.error('Attempted to attach to session %s (%s) from different IP (%s)' % (
self.session_id,
self.remote_ip,

0 comments on commit 147810c

Please sign in to comment.
Something went wrong with that request. Please try again.