July 10, 2009

Real IP Problem and X-Forwarded-For header

Has anyone been in a situation like this? I bet so.

  • We need a way to know whether a user is logged in or not.
  • Easy as pie. Go on sessions with him.
  • We can't rely on the user's browser to allow cookies.
  • Well, we rely on the user's browser to have JavaScript, so why...?
  • I said no cookies. Use the IP address.