Changing IP address and Sessions
Permalink
Hi All,
I've got a very strange scenario happening with one of my clients. Essentially they use a shared internet connection within a large office building. I've no idea why but their public IP changes almost minute by minute.
The client is able to login perfectly fine, however by the time they've arrived at a page and made some edits their external IP changes and they're getting a load of huge red text displayed in an error box.
I believe this is some sort of XSS protection but I'm not sure. I would speculate that this is possibly introduced in 5.6 as per Andrew's response here :http://www.concrete5.org/developers/bugs/5-5-2-1/session-hijacking-...
Has anyone else experienced this and is there any way to allow C5 sessions to handle changing IP's ?
It's a very strange scenario - but sadly Wordpress handles it nicely (probably for all the wrong reasons) so I'm now getting headache for deploying C5.
Any ideas ?
Cheers,
Mike
I've got a very strange scenario happening with one of my clients. Essentially they use a shared internet connection within a large office building. I've no idea why but their public IP changes almost minute by minute.
The client is able to login perfectly fine, however by the time they've arrived at a page and made some edits their external IP changes and they're getting a load of huge red text displayed in an error box.
I believe this is some sort of XSS protection but I'm not sure. I would speculate that this is possibly introduced in 5.6 as per Andrew's response here :http://www.concrete5.org/developers/bugs/5-5-2-1/session-hijacking-...
Has anyone else experienced this and is there any way to allow C5 sessions to handle changing IP's ?
It's a very strange scenario - but sadly Wordpress handles it nicely (probably for all the wrong reasons) so I'm now getting headache for deploying C5.
Any ideas ?
Cheers,
Mike
We've got this happening at a corp. client, who we went to great lengths to convince of the merits of Concrete5; ease of use, reliability, etc... Now... not so much :(
I really don't mind if a fix makes C5 less secure, because currently, less secure is better than a "can't use, should have deployed WordPress" scenario.
Anyone have some advice?