Look into the req.ip field in more depth and determine if it is an adequate way to uniquely identify users.
shalarewicz opened this issue · comments
There are numerous ways to get the IP address off of the request object.
The header x-forward-for
will hold the originating IP address if a proxy is placed in front of the server. This would be common for a production build.
req.ips
wwill hold an array of IP addresses inx-forward-for
header. Client is likely at index zeroreq.ip
will have the IP addressreq.socket.remoteAddress
is an instance ofnet.socket
which is used as another method of getting the IP addressreq.ip
andreq.ips
will work in express but not with other frameworks
This is similar but different to issue #38 . Consider handling these together.