
zebra_session could be use in AWS ALB? #43

Closed
testkimid opened this issue Apr 6, 2022 · 6 comments

Comments

@testkimid

Hi, could zebra_session be used with AWS ALB and AWS web server Auto Scaling?
AWS ALB will not operate in sticky session mode.

@stefangabos
Owner

I'm sorry, I have no experience with any of those.

@awjudd

awjudd commented Oct 10, 2022

I believe that it should be able to be used in conjunction with the ALB. If you set a sticky session on your ALB, then it will automatically create a cookie with the specific server you were connecting to, therefore making it so you always return to that server (when the load balancer sees it). This package will write a session that is stored in the database instead of the local file system, making it so that even without a persistent/sticky session it's available to any servers that reference it.

@dvelopin
Contributor

dvelopin commented Jun 12, 2024

I realize this is old, but I use this class with several AWS Elastic Beanstalk applications which use the AWS Application Load Balancer. To accomplish locking to IP in this environment, a couple of changes need to be made to the class.

First add a new private function for getting the end user's ip address:

```php
private function getIPAddress() {
    $ipaddress = '';
    // Note: every HTTP_* value below comes from a request header, i.e. from the
    // client; REMOTE_ADDR (the TCP peer, which behind an ALB is the ALB node)
    // is the only value set by the web server itself, and it is consulted last.
    if (getenv('HTTP_CLIENT_IP')) {
        $ipaddress = getenv('HTTP_CLIENT_IP');
    } else if (getenv('HTTP_X_FORWARDED_FOR')) {
        $ipaddress = getenv('HTTP_X_FORWARDED_FOR');
    } else if (getenv('HTTP_X_FORWARDED')) {
        $ipaddress = getenv('HTTP_X_FORWARDED');
    } else if (getenv('HTTP_FORWARDED_FOR')) {
        $ipaddress = getenv('HTTP_FORWARDED_FOR');
    } else if (getenv('HTTP_FORWARDED')) {
        $ipaddress = getenv('HTTP_FORWARDED');
    } else if (getenv('REMOTE_ADDR')) {
        $ipaddress = getenv('REMOTE_ADDR');
    }
    return $ipaddress;
}
```

Then update the places where $_SERVER['REMOTE_ADDR'] is used.

Change this:

```php
if ($this->lock_to_ip && isset($_SERVER['REMOTE_ADDR'])) {
    $hash .= $_SERVER['REMOTE_ADDR'];
}
```

To this:

```php
if ($this->lock_to_ip && $this->getIPAddress() != '') {
    $hash .= $this->getIPAddress();
}
```

And change this:

```php
md5(
    ($this->lock_to_user_agent && isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '') .
    ($this->lock_to_ip && isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '') .
    $this->security_code
),
```

To this:

```php
md5(
    ($this->lock_to_user_agent && isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '') .
    ($this->lock_to_ip && $this->getIPAddress() != '' ? $this->getIPAddress() : '') .
    $this->security_code
),
```

This will now use the correct remote IP and lock_to_ip will work properly.

@stefangabos
Owner

This looks nice and I see no problem in adding this to the code, as I don't think this should affect general usage of the library.

@stefangabos
Owner

see #54

stefangabos added a commit that referenced this issue Sep 8, 2024
… for #54 and #43 and provides a more secure - but different - way for handling your app being behind a load balancer or a reverse proxy
@stefangabos
Owner

There's a new way of doing this; the previous solution (#54) was removed. Use instead a callable for the lock_to_ip argument in the constructor. See the docs.

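Added example (not code from Zebra_Session or from any participant in this thread), showing what the "more secure, but different" approach the maintainer refers to needs in practice: a client-IP resolver that can be handed to Zebra_Session as the lock_to_ip callable. The getIPAddress() posted above consults HTTP_CLIENT_IP and X-Forwarded-For before REMOTE_ADDR, but every HTTP_* value there is a request header the visitor can set, so a visitor can pick the value the session hash gets locked to. The function below only honours X-Forwarded-For when REMOTE_ADDR belongs to one of our own proxies, and walks the chain from the right so that a fake address the client prepends is ignored. The proxy range 10.0.0.0/16, the constructed sample request, the function names and the constructor argument order in the commented wiring line are all assumptions; the code also assumes the ALB is left in its default mode of appending the connecting address to X-Forwarded-For, and PHP 7.4 or newer.

```php
<?php
declare(strict_types=1);

// Added example; not part of Zebra_Session. Resolves the end-user IP behind
// an AWS ALB (or any reverse proxy) without trusting forwarded headers that
// arrived from an arbitrary client.

/**
 * @param array    $server          usually $_SERVER
 * @param string[] $trusted_proxies IPv4 CIDR ranges owned by the ALB / proxy layer
 */
function client_ip_behind_proxy(array $server, array $trusted_proxies): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';

    // Direct connection, or a peer we do not recognise as our proxy: the only
    // address we can vouch for is the TCP peer itself.
    if ($remote === '' || !ip_in_ranges($remote, $trusted_proxies)) {
        return $remote;
    }

    $xff = trim($server['HTTP_X_FORWARDED_FOR'] ?? '');
    if ($xff === '') {
        return $remote; // proxy did not forward anything; fall back rather than guess
    }

    // The ALB appends the address it saw to the END of X-Forwarded-For, so the
    // rightmost entry that is not one of our own proxies is the nearest hop we
    // can trust. Anything further left was supplied by the client.
    $chain = array_map('trim', explode(',', $xff));
    for ($i = count($chain) - 1; $i >= 0; $i--) {
        $hop = $chain[$i];
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $remote; // malformed chain: do not lock the session to garbage
        }
        if (!ip_in_ranges($hop, $trusted_proxies)) {
            return $hop;
        }
    }
    return $remote; // every hop was one of ours
}

function ip_in_ranges(string $ip, array $ranges): bool
{
    foreach ($ranges as $range) {
        if (ip_in_cidr($ip, $range)) {
            return true;
        }
    }
    return false;
}

// IPv4-only CIDR match, sufficient for a list of VPC subnets. An IPv6 address
// never matches, so it is treated as untrusted (i.e. as a client address).
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $bits = $bits === null ? 32 : (int) $bits;
    $ipl  = ip2long($ip);
    $netl = ip2long($net);
    if ($ipl === false || $netl === false || $bits < 0 || $bits > 32) {
        return false;
    }
    $mask = $bits === 0 ? 0 : (~0 << (32 - $bits)) & 0xFFFFFFFF;
    return ($ipl & $mask) === ($netl & $mask);
}

// Constructed sample request as a target behind an ALB in 10.0.0.0/16 sees it.
// The visitor (203.0.113.9) sent its own "X-Forwarded-For: 1.2.3.4" to spoof;
// the public ALB appended 203.0.113.9 and an internal ALB appended 10.0.5.6.
$sample = [
    'REMOTE_ADDR'          => '10.0.12.34',
    'HTTP_X_FORWARDED_FOR' => '1.2.3.4, 203.0.113.9, 10.0.5.6',
];
$trusted = ['10.0.0.0/16'];

echo client_ip_behind_proxy($sample, $trusted), PHP_EOL;   // 203.0.113.9, not 1.2.3.4

// Same spoof attempt arriving directly, with no proxy in front: the header is ignored.
echo client_ip_behind_proxy(['REMOTE_ADDR' => '198.51.100.7',
                             'HTTP_X_FORWARDED_FOR' => '1.2.3.4'], $trusted), PHP_EOL; // 198.51.100.7

// Wiring it in per the maintainer's note above: pass a callable as lock_to_ip.
// The argument position shown is an assumption; check the docs of the installed version.
// $session = new Zebra_Session($link, 'your-security-code', '', true,
//     fn(): string => client_ip_behind_proxy($_SERVER, $trusted));
```

To check the deployment, send a request through the ALB with a forged header (for example `curl -H 'X-Forwarded-For: 1.2.3.4' https://your-app/`) and confirm that the resolved address is your real public IP; if the proxy list is wrong, the resolver falls back to the ALB node's address, which makes every visitor behind that node share one lock value, so lock_to_ip silently stops distinguishing clients rather than failing loudly.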