From 496252900603497f8c3486df0c176d1a625d6972 Mon Sep 17 00:00:00 2001 From: Michael Snoyman Date: Mon, 30 Jan 2012 13:01:34 +0200 Subject: [PATCH] sessionIpAddress False by default (#243) --- yesod-core/Yesod/Internal/Core.hs | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/yesod-core/Yesod/Internal/Core.hs b/yesod-core/Yesod/Internal/Core.hs index 26d4ccf1..a85839f0 100644 --- a/yesod-core/Yesod/Internal/Core.hs +++ b/yesod-core/Yesod/Internal/Core.hs @@ -254,9 +254,13 @@ class RenderRoute a => Yesod a where addStaticContent _ _ _ = return Nothing -- | Whether or not to tie a session to a specific IP address. Defaults to - -- 'True'. + -- 'False'. + -- + -- Note: This setting has two known problems: it does not work correctly + -- when behind a reverse proxy (including load balancers), and it may not + -- function correctly if the user is behind a proxy. sessionIpAddress :: a -> Bool - sessionIpAddress _ = True + sessionIpAddress _ = False -- | The path value to set for cookies. By default, uses \"\/\", meaning -- cookies will be sent to every page on the current domain.