[TYPO3-core] Lock IP Clause with ipv6
Benjamin Mack
benni at typo3.org
Tue Jun 3 11:23:48 CEST 2014
Hey fellas,
as my internet from home is now running with IPv6 natively, my
be_sessions and fe_sessions in TYPO3 are using the IPv6 style
information, however, it seems like we don't take this into account when
working with the LockIP option in TYPO3_CONF_VARS.
The default settings are:
$TYPO3_CONF_VARS[BE][lockIP] = 4;
$TYPO3_CONF_VARS[FE][lockIP] = 2;
The code in the AbstractUserAuthentication does a check that if lockIP
is less than 4, it will split the getIndpEnv('REMOTE_ADDR') via the dots
".".
This does not seem to work for FE sessions in a practical manner as the
full IP is then stored in the DB, as the explode('.', ...) does not work
for ipv6.
First, I think it might make sense to find a way to identify whether
we're running with ipv6 or ipv4 (and maybe from localhost or CLI as
well), and put this into getIndpEnv().
Additionally, we need to find a more robust way to deal with the lockIP
options. What do you think? Any ideas?
All the best,
Benni.
More information about the TYPO3-team-core
mailing list