fix: correct login rate limiter key format to include IP address

2026-04-17 17:21:04 +00:00 · 2025-10-28 10:32:19 +01:00
parent f300ba0118
commit 65e5b2ecdb
1 changed files with 1 additions and 1 deletions
--- a/app/Providers/FortifyServiceProvider.php
+++ b/app/Providers/FortifyServiceProvider.php
@@ -139,7 +139,7 @@ class FortifyServiceProvider extends ServiceProvider
            // server('REMOTE_ADDR') gives the actual connecting IP before proxy headers
            $realIp = $request->server('REMOTE_ADDR') ?? $request->ip();

-            return Limit::perMinute(5)->by($email.$realIp);
+            return Limit::perMinute(5)->by($email.'|'.$realIp);
        });

        RateLimiter::for('two-factor', function (Request $request) {