/** * validate session by ip address */ public function _validate() { $ip = self::get('session.client.address'); if ($ip === null) { self::set('session.client.address', $_SERVER['REMOTE_ADDR']); } elseif ($_SERVER['REMOTE_ADDR'] !== $ip) { self::$_state = 'error'; return false; } // Record proxy forwarded for in the session in case we need it later if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { self::set('session.client.forwarded', $_SERVER['HTTP_X_FORWARDED_FOR']); } return true; }