XF 1.2 Installing on Heroku, login issues

[SteamPunkProgrammer]

I'm trying to get xenforo to run on a heroku app.


its all but working and I've just hit a major snag.

Its installed, its running, I can view things, but I cant login, or better put I can't 'stay' logged in, I attempt to log into the control panel and I see the spinner go, then I return back to the main page. I have managed to login a few times but clicking anything returns me back to the login page. I've managed to do this by clearing all my cookiees and all session information in the database. I've ensured the cookiees are pathed correctly so thats not the issue. I'm at a loss and would really like some help.

 

[SteamPunkProgrammer]

still having issues, I suspect its not specifically related to heroku, as it installed fine and I can get it to work every once in awhile when I clear cookiees and sessions.

 

[Mike]

If you can't stay logged in, it's probably an issue with the IP address, assuming there's a reverse proxy in play. You need to figure out what contains the original IP and set that to $_SERVER['REMOTE_ADDR'] in config.php. The Heroku guys should be able to tell you what header has the original IP. (Or you could make a PHP info file to dump all the available bits.)

If you want to submit a ticket with user login details (and perhaps FTP or equivalent), we can have a look.

 

[SteamPunkProgrammer]

If you can't stay logged in, it's probably an issue with the IP address, assuming there's a reverse proxy in play. You need to figure out what contains the original IP and set that to $_SERVER['REMOTE_ADDR'] in config.php. The Heroku guys should be able to tell you what header has the original IP. (Or you could make a PHP info file to dump all the available bits.)

If you want to submit a ticket with user login details (and perhaps FTP or equivalent), we can have a look.

Oh thank god, you pointed me in the right direction, its working now!

But the question is, what if that changes? I'm pretty sure the clusters move around on heroku and the IP address might change.

 

[Mike]

It's not the IP of the Heroku instance - it's the IP of the person hitting the page. We attach sessions to IPs (well, a /24) for a bit of extra security. As long as you're getting the original IP of the person, you'll be fine.

 

[SteamPunkProgrammer]

ah I get it, so I need to use phpinfo() to find my own IP address (in the case of heroku I can get it from _SERVER["HTTP_X_FORWARDED_FOR"]) and set $_SERVER['REMOTE_ADDR'] to that, to kinda pass it along?

 

[Mike]

Yeah.

if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
}

Note that there are some theoretical concerns with this -- it essentially trusts the X-Forwarded-For header, which is ok if it's been set by Heroku. Theoretically, if there already was a X-Forwarded-For header, it may not give the correct value in the REMOTE_ADDR. If you're always accessing through Heroku, I don't think this should be an issue.