Does anybody know what would need to be done in order to extend akrabat/rka-slim-session-middleware so that the session is bound to an IP address? I.e., I’d like the user to be logged out if/when their IP address changes.
Sorry for the basic question, I don’t have much experience writing session handling code and since this is important (security-wise), I’d like to get it right.
I guess the simplest way is to compare the current IP address to the IP address used when you created the session originally.
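```php
$session = new \RKA\Session();
// 'something' stands in for the client's current IP address.
if (empty($session->ip_address)) {
    // First request in this session: remember the address.
    $session->ip_address = 'something';
} elseif ($session->ip_address != 'something') {
    // Address changed: clear the session data (do not unset() the
    // superglobal itself) and issue a new session ID.
    $_SESSION = [];
    session_regenerate_id(true);
    // redirect probably.
}
```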
And right you are, why complicate matters when simple will do. I’m not sure why I made this out to be much more complicated while thinking about this. Thanks!
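The check discussed in this thread, written out as an added example that is not code from any of the posters or from rka-slim-session-middleware. The function names `sessionIpMatches` and `enforceSessionIp` are hypothetical, and the example assumes the middleware has already started the session and that `REMOTE_ADDR` is the real client address (no reverse proxy in front of PHP).

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: binds the session to the first address seen and
 * reports whether the current request still comes from that address.
 */
function sessionIpMatches(array &$session, string $remoteAddr): bool
{
    // Reject anything that is not a well-formed IPv4/IPv6 address (fail closed).
    if (filter_var($remoteAddr, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    // inet_pton() gives one canonical binary form, so textual variants such as
    // "::1" and "0:0:0:0:0:0:0:1" compare equal.
    $currentHex = bin2hex(inet_pton($remoteAddr));

    $bound = $session['ip_address'] ?? null;
    if ($bound === null) {
        // First request of this session: bind it to the current address.
        $session['ip_address'] = $currentHex;
        return true;
    }
    return is_string($bound) && hash_equals($bound, $currentHex);
}

/**
 * Hypothetical wrapper to call early in each request, after the session
 * middleware has run. Returns false when the user must log in again.
 */
function enforceSessionIp(): bool
{
    $remoteAddr = $_SERVER['REMOTE_ADDR'] ?? ''; // assumption: direct client address
    if (sessionIpMatches($_SESSION, $remoteAddr)) {
        return true;
    }
    $_SESSION = [];              // drop all data held by the old session
    session_regenerate_id(true); // new ID, old session storage deleted
    return false;                // caller redirects to the login page
}
```

Clients whose address legitimately changes mid-session (mobile networks, some corporate proxies) will be logged out by this check, which is the behaviour asked for in the first post.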