PHPSessionID deleted in one minute

Plus

@martin_mulder508 Usually, that’s just due to the DNS cache not being purged yet. Try clearing your DNS cache or try from another device and it should work already.

@sandro But you can also do these changes in code. If you just need your own code to see the real IP, you can do it on the PHP level too. It’s just a matter of personal preference and where you are collecting the logs for example.

Sure, if you want useless log files :wink:

As the linked article suggests, rewriting IP addresses should take place on a webserver level. Only in that case you will have useful logs and consistent data. Everything else is rather a workaround or hack.

Well. In this case i think it should. As i check for the real ip to determine the existence of the session. If the ip changes during the session it is destroyed. So i use php to determine the ip that is connecting to cloudflare which is the original ip of the user. Which is stable so in this case is my solution. Using the http_cf_connecting_ip.

For the session management of PHP you’ll most likely have to rewrite the address properly and not just via the hack. That hack would only apply to PHP code itself.

I agree with that, but there are lots of possible scenarios why you might want to do this on a script level. For example, maybe you don’t have logs enabled on the web server level and have your own logs on the code/script level, or maybe you need custom logic or have a webserver that doesn’t support it.

In either case, both work the same way → extract the CF-Connecting-IP header and use it as the visitors’ IP. So if you’ve got custom logic that deletes the session from within the script when the IP is changing, then it can surely be done the way @martin_mulder508 did. If it’s not custom logic and rather a PHP feature, then you might want to do it on the webserver level, as PHP gets its data from the webserver.

In this case it is just a check for the ip nothing more. But I will check out the serverside option to. But this is the fast fix to make it run (i hope as i have not yet had the opertunity to test). But the server option aa described, well i dont understand it (yet) so i need time to figur out what they need me to do …

1 Like

Sure, but if there is the possibility to do it in the “correct” fashion, one should go for it. Particularly in this case the OP will have to do it on server level as that’s where the default session management takes it from.

It adds a plugin to your server which rewrites the address on a server level and from there on every other plugin (including logging) gets the right address. Really just a matter of minutes, all you need is access to the server configuration.

1 Like

Basically, there should be a guide for the most common servers (Apache/NGINX) on which you could install a plugin that does all of that for you.

To test it: Try clearing your DNS cache (in your browser is enough most of the times) or wait a little bit and the connection should go through Cloudflare if you’ve enabled it in your dashboard (:norange:) and you should be good to go! :slight_smile:

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.