Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:71540
Return-Path: <smalyshev@sugarcrm.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 16414 invoked from network); 25 Jan 2014 01:20:31 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 25 Jan 2014 01:20:31 -0000
Authentication-Results: pb1.pair.com header.from=smalyshev@sugarcrm.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=smalyshev@sugarcrm.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain sugarcrm.com designates 67.192.241.155 as permitted sender)
X-PHP-List-Original-Sender: smalyshev@sugarcrm.com
X-Host-Fingerprint: 67.192.241.155 smtp155.dfw.emailsrvr.com Linux 2.6
Received: from [67.192.241.155] ([67.192.241.155:57182] helo=smtp155.dfw.emailsrvr.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id E5/D0-11879-E5113E25 for <internals@lists.php.net>; Fri, 24 Jan 2014 20:20:31 -0500
Received: from localhost (localhost.localdomain [127.0.0.1])
	by smtp32.relay.dfw1a.emailsrvr.com (SMTP Server) with ESMTP id E7AC5507F6;
	Fri, 24 Jan 2014 20:20:27 -0500 (EST)
X-Virus-Scanned: OK
Received: by smtp32.relay.dfw1a.emailsrvr.com (Authenticated sender: smalyshev-AT-sugarcrm.com) with ESMTPSA id AEB8A504EE;
	Fri, 24 Jan 2014 20:20:27 -0500 (EST)
Message-ID: <52E3115B.3010902@sugarcrm.com>
Date: Fri, 24 Jan 2014 17:20:27 -0800
Organization: SugarCRM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: Andrey Andreev <narf@devilix.net>, 
 "internals@lists.php.net" <internals@lists.php.net>
References: <CAPhkiZyMULFgCoTaaqtwx_34ovTX-36dTdVUgMXE_aWPd5O+WQ@mail.gmail.com>
In-Reply-To: <CAPhkiZyMULFgCoTaaqtwx_34ovTX-36dTdVUgMXE_aWPd5O+WQ@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] Session IP address matching
From: smalyshev@sugarcrm.com (Stas Malyshev)

Hi!

> Yes, one can write a custom session handler, but there's a number of
> problems with that:

Wouldn't using SessionHandler and overriding just, say, read() and
adding the IP check there solve this issue? You don't have to bother
with implementing the whole handler, it stays the same but you can check
the IP after the session is loaded (or before if you wish, depending on
what you check does).

-- 
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227