DB storage with load balancer #70

Open
Ole73 opened this issue Aug 8, 2017 · 1 comment

Ole73 commented Aug 8, 2017

I got some problems getting securimage working in combination with a load balancer. Normal session validation only works by writing them to the database. And $_SERVER['REMOTE_ADDR'], which is used as identifier in the db, also doesn't return the end user's IP, but that of one of the load-balancing servers. So, the captcha code validates only every x times, when hitting the right server.
Quick and easy solution for me was to enable db storage, disable session storage, but do an initial session_start() and then replace each $_SERVER['REMOTE_ADDR'] with session_id() in securimage.php.

Owner

dapphp commented Aug 16, 2017

Hi Ole73,

Sorry for the delayed response. This is a valid issue. To overcome it, the latest version (currently in branch nextgen) creates a unique captcha ID along with each code it generates. The form now must submit a hidden captcha ID input as well as the code. On an unrelated but similar note, I also introduced "storage adapters" so there's a uniform interface to code storage be it in the session, database, memcached, redis or elsewhere. This makes it easy to change your storage backend to a database to get around other session issues with load balancing.

The nextgen branch is production ready and I've been using that code base on a number of sites, and in the WordPress plugin. Unfortunately it hasn't been merged because I haven't done the documentation and site updates.

I'd encourage you to give the nextgen branch a try.

In the securimage config, set 'no_session' => true, and 'use_database' => true, and then set the 'database_driver' => Securimage::SI_DRIVER_MYSQL, as appropriate. It will use PDO_* for connecting. See https://github.com/dapphp/securimage/blob/nextgen/config.inc.php.SAMPLE and the following examples from the WordPress plugin may help as well:

https://plugins.trac.wordpress.org/browser/securimage-wp/trunk/securimage-wp.php#L415
https://plugins.trac.wordpress.org/browser/securimage-wp/trunk/lib/siwp_captcha.php

If you use PDO MySQL, you can ignore the part about the WordPress storage adapter and set use_database and the database options, and it'll do the rest; no need to specify anything special there. But if you want to write your own or piggyback off an existing DB connection, have a look at https://plugins.trac.wordpress.org/browser/securimage-wp/trunk/lib/StorageAdapter/Wordpress.php and https://github.com/dapphp/securimage/tree/nextgen/StorageAdapter

Sorry for the lack of documentation and hiding away this ready to go version.

Please don't hesitate to get in contact with me directly if you want to try this version and have any questions.

@dapphp dapphp added this to the 4.0 milestone Aug 16, 2017
@dapphp dapphp self-assigned this Aug 16, 2017
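
The captcha-ID idea described in the reply above, as an added sketch that is not Securimage code and not part of the thread: each generated code is stored under its own random ID in a shared database, so validation depends on neither `$_SERVER['REMOTE_ADDR']` nor a node-local session. The table, column and function names are hypothetical, and in-memory SQLite (the `pdo_sqlite` extension is assumed) stands in for the database all web nodes share.

```php
<?php
// Added illustration, not Securimage's implementation. All names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE captcha_codes (id TEXT PRIMARY KEY, code TEXT NOT NULL, expires INTEGER NOT NULL)');

// Issue a captcha: the ID goes into a hidden form field, the code is rendered as the image.
function issueCaptcha(PDO $db, int $ttl = 900): array
{
    $id = bin2hex(random_bytes(20));   // unguessable; not derived from client IP or session
    $alphabet = 'abcdefghkmnprstuvwxyz23456789';
    $code = '';
    for ($i = 0; $i < 6; $i++) {
        $code .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    $db->prepare('INSERT INTO captcha_codes (id, code, expires) VALUES (?, ?, ?)')
       ->execute([$id, $code, time() + $ttl]);
    return ['id' => $id, 'code' => $code];
}

// Validate on whichever node receives the POST. The row is deleted on every
// lookup, so each ID is single-use whether the answer was right or wrong.
function checkCaptcha(PDO $db, string $id, string $answer): bool
{
    $sel = $db->prepare('SELECT code, expires FROM captcha_codes WHERE id = ?');
    $sel->execute([$id]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);
    $db->prepare('DELETE FROM captcha_codes WHERE id = ?')->execute([$id]);
    if ($row === false || (int) $row['expires'] < time()) {
        return false;                  // unknown, already used, or expired ID
    }
    return hash_equals($row['code'], strtolower(trim($answer)));
}

// Two visitors who share the balancer's address: each form carries its own ID,
// so neither stored code overwrites the other.
$a = issueCaptcha($db);
$b = issueCaptcha($db);
var_dump(checkCaptcha($db, $b['id'], $b['code']));  // second visitor submits first
var_dump(checkCaptcha($db, $a['id'], $a['code']));  // first visitor's code is still intact
var_dump(checkCaptcha($db, $a['id'], $a['code']));  // replay of an already-used ID
```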