fix: correct login rate limiter key format to include IP address

2025-10-28 10:32:19 +01:00 · 2025-10-28 10:32:19 +01:00 · 65e5b2ecdb
commit 65e5b2ecdb
parent f300ba0118
1 changed files with 1 additions and 1 deletions
--- a/app/Providers/FortifyServiceProvider.php
+++ b/app/Providers/FortifyServiceProvider.php
@ -139,7 +139,7 @@ public function boot(): void
            // server('REMOTE_ADDR') gives the actual connecting IP before proxy headers
            $realIp = $request->server('REMOTE_ADDR') ?? $request->ip();

-            return Limit::perMinute(5)->by($email.$realIp);
+            return Limit::perMinute(5)->by($email.'|'.$realIp);
        });

        RateLimiter::for('two-factor', function (Request $request) {