0

My app is hosted on AWS Fargate, behind a load balancer. All incoming requests have the IP of this load balancer. It stores the original IP in the "X-Forwarded-For" header. Laravel can retrieve that easily.

I'm using the database driver for the auth session, and I noticed that it stores the IP address. If that IP address was correct, it would be very useful to me for other purposes.

So the question is: how can I customize the code that manages the session, so that instead of storing request()->ip(), it stores request()->header('X-Forwarded-For') ?

Thank you

Valentino
  • 465
  • 6
  • 17
  • Just to check: If I copy my cookies from my current browser(at work), and paste them in my remote pc(at home), It will log me in. So for me, it does not matter what ip-address is stored in the session. I did find some code in `vendor/laravel/framework/src/Illuminate/Session/DatabaseSessionHandler.php@238` which sets the session ip. How to extend this, however, I don't know – Techno Oct 28 '22 at 14:52
  • that's correct, it doesn't matter. But it would be useful elsewhere in my app – Valentino Oct 28 '22 at 15:07

1 Answers1

0

the solution was to do this. I don't fully understand why, but it works.

AWS Application Load Balancer real user ip problem

trusting my loadbalancer as a proxy apparently allows the request()->ip() method to retrieve the correct IP.

Valentino
  • 465
  • 6
  • 17