[TYPO3-core] Lock IP Clause with ipv6

Benjamin Mack benni at typo3.org
Tue Jun 3 11:23:48 CEST 2014

Hey fellas,

as my internet from home is now running with IPv6 natively, my
be_sessions and fe_sessions in TYPO3 are using the IPv6 style
information, however, it seems like we don't take this into account when
working with the LockIP option in TYPO3_CONF_VARS.

The default settings are:

$TYPO3_CONF_VARS[BE][lockIP] = 4;
$TYPO3_CONF_VARS[FE][lockIP] = 2;

The code in the AbstractUserAuthentication does a check that if lockIP
is less than 4, it will split the getIndpEnv('REMOTE_ADDR') via the dots

This does not seem to work for FE sessions in a practical manner as the
full IP is then stored in the DB, as the explode('.', ...) does not work
for ipv6.

First, I think it might make sense to find a way to identify whether
we're running with ipv6 or ipv4 (and maybe from localhost or CLI as
well), and put this into getIndpEnv().

Additionally, we need to find a more robust way to deal with the lockIP
options. What do you think? Any ideas?

All the best,

More information about the TYPO3-team-core mailing list