We use cookies to help make our site work properly and to analyze how our site is used. Some are optional, but none contain your personal information, and we don't use any for ads. You can view our cookies policy, manage your cookie preferences, or consent and dismiss this banner by clicking agree:

Agree
ExpressionEngine CMS
Open, Free, Amazing

Thread

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

The active forums are here.

CDN + ExpressionEngine 2 = Login Cookie problem... users get bounced out of their session.

March 17, 2012 9:14am

Subscribe [1]

  • #1 / Mar 17, 2012 9:14am

    Trend Hunter

    81 posts

    We’ve just upgraded to EE 2.3 and everything works fine EXCEPT when our IP is mapped to our CDN (which we’ve used for years). When mapped to the CDN users can login but then their session ends when they are redirected past the EE login screen. 

    So, in short, we need to figure out how to let EE 2 keep a session with a user even if the user’s requests change IP addresses, which happens when using a CDN…. 

    The sequence of events seems to be the following.
    =================================================
    1. end-user username/password are POST’ed to our login page: http://www.trendhunter.com/

    2. the origin server (trendhunter.com/EE2) responds with multiple Set-Cookie headers (such as exp_sessionid, exp_expiration, exp_anon, exp_last_activity, exp_last_visit)  (this happens at the EE login page that says you’ve been logged in)

    3. the end-user is redirected to http://www.trendhunter.com/community (or any other trend hunter page) where the cookies from step 2 are used in the request.

    The problem seems to be that the load balancer/origin is expecting the POST request from step #1 (”/”) and the request from step #3 (”/community”) to originate from the same server IP. That might not happen in a CDN environment since URLs are load balanced across real servers in a pop location. For instance, the resource “/” might be requested from server A and the resource “/community” might be requested from server B. It seems like the exp_sessionid cookie tracks the IP address of the server at login, and if the cookie is reused from a server with a different IP then the cookie is rejected.

    ======================

    We are using cookies right now, and looking for any solution… Thanks!

  • #2 / Mar 18, 2012 8:01am

    Sean C. Smith

    3818 posts

    Hi Trend Hunter,

    I’m sorry that your users are having login trouble with dynamic IPs. Could you try adding the following to your config.php file? The first two lines will change login session types to cookies only and then next two remove the requirement for a static IP.

    $config['admin_session_type'] = "c";
$config['user_session_type'] = "c";
$config['require_ip_for_login'] = "n";
$config['require_ip_for_posting'] = "n";

    Does that help?

    Sean

.(JavaScript must be enabled to view this email address)

ExpressionEngine News!

#eecms, #events, #releases

© Packet Tide, All Rights Reserved. Legal Notices

Username

Password

Forgot password?
or Register