Thread

Hi

I _know_ this is not 100% a EE problem, but rather a local config issue. Here is what is happening:

I am behind two company firewalls:

(Internet) <-> [Firewall:192.168.y.x/255.255.0.0] <-> [Firewall:192.168.10.10/255.255.255.0]

And this seems to screw up my session with EE. I get logged out all the time. The intervals are not predictable. It’s also a total log out. I do not get this nice login feature on top. I get a full login screen. Whatever I was doing is lost.

I tried all kind of session settings and not sure how to avoid this. Probably my IP is changing frequently (?) and this is the cause. Any tips how I can solve this?

(If I remember correctly CI has a config setting for the duration of a session I wonder if EE has somthing similiar?)

Sven

PS: Sorry - Can a mod move this post to the right section. I didn’t see that I am in “Pre-Sales”...Thanks

Hey 40FS,

No worries mate!

Moving over to the Community Help Forum.

Cheers,

Hi 40FS,

What version of EE are you using?

Have you tried changing the settings in “Admin > Security and Privacy > Security and Session Preferences > Control Panel Session Type” to “Cookies only” to see if it makes a difference for you?

This will give you the “Auto login” checkbox on the CP login screen which should keep you logged in at all times if you check it and login. Not sure if it will work in your situation but it’s worth a try if you haven’t done so already. I hope that helps.

Mike

Hi Mike,

EE is 2.4 and I have set it already to “cookies only” (figured that should be independent from IP) and checked the checkbox, but no change in behavior :( 

It also happens on all browsers (FF, Chrome, Safari, O,...haven’t tried IE) and is a real pain in the butt…if you don’t pay attention you are loosing all the changes you made.

Sven

Hey Sven,

Just to confirm: You are passed through a random, public-facing proxy IP for each page load?

EE looks at your IP address every time that you load a page and compares it to your session. If your proxy administrators cannot keep your connection on the same proxy, your best bet is probably to write (or get someone else to write) an extension that hooks into sessions_start and updates the IP address inside the “exp_sessions” table.

Of course, to maintain EE session security, you should only update for IPs within the proxy range. You could alternately decide to allow any/all IP addresses but that option may have security implications.

Chris

thanks you shed some bright light on this: I just spoke to some folks here and it turns out we have more then one network connection. So whats happening is that I never know through which provider I am connecting. It might change from one click to the next…

I have done some work with Codeigniter in the past, so I will look into the documentation and see if I am able to write something that will disable the IP check temporarily. During development security is less an issue. And once the site is out at the client server it could be set back.

Thanks a lot for putting me on the right track. Any tip for a good starting point on how to write extentions for EE?

Sven

Hey Sven,

Not to toot my horn too much but I wrote a bare-bones extension several weeks ago which uses the sessions_start hook to manipulate EE’s exp_sessions table:

https://www.epicvoyage.org/system/files/single_logon-0.1.zip

The project has been moderately expanded since then, and the new version is available on my site and devot-ee, but this should get you moving in the right direction since you have CodeIgniter experience. Active Record is, of course, your friend.

My suggestion is (pseudo-code): UPDATE exp_sessions SET ip_address = [current ip] WHERE member_id = $sess->userdata[‘member_id’].

Hey Sven,

It looks like an upgrade to 2.5 may solve this problem for you (if you want to go that route). http://ellislab.com/expressionengine/user-guide/changelog.html#version-2-5-0 says:

Removed IP requirement from sessions check to prevent logout issues for revolving IP addresses.

Unfortunately this is still happening to my users and we’ve upgraded to 2.5 On top of that, there are times when we are redirected to the login screen and cannot log back in until we have cleared cookies. It doesn’t happen much at all but IE and Chrome are horrible.

Luke,

I am not having a problem on 2.5, but then I am simulating a rotating IP by modifying the database table with a different address. The IP is updated as I would expect.

Just for the sake of it, I took a few minutes and built the extension recommended above:

https://www.epicvoyage.org/session_follows_ip-0.1.zip

Want to give that a try, to see if it fixes your problem?