Look into the req.ip field in more depth and determine if it is an adequate way to uniquely identify users.

Question

Look into the req.ip field in more depth and determine if it is an adequate way to uniquely identify users.

shalarewicz opened this issue 2 years ago · comments

Stephan Halarewicz commented 2 years ago

There are numerous ways to get the IP address off of the request object.

The header x-forward-for will hold the originating IP address if a proxy is placed in front of the server. This would be common for a production build.

req.ips wwill hold an array of IP addresses in x-forward-for header. Client is likely at index zero
req.ip will have the IP address
req.socket.remoteAddress is an instance of net.socket which is used as another method of getting the IP address
req.ip and req.ips will work in express but not with other frameworks

Evan McNeely · Answer 1 · Sat Jun 04 2022 19:45:07 GMT+0800 (China Standard Time)

This is similar but different to issue #38 . Consider handling these together.