[horde] strange forced logout
lst_hoe02 at kwsoft.de
Fri Jul 12 12:48:52 UTC 2013
Quoting Jan Schneider <jan at horde.org>:
> Quoting l.kiraly at madalbal.hu:
>
>> Quoting Andreas Schulze <sca at andreasschulze.de>:
>>
>>> Quoting Jan Schneider <jan at horde.org>:
>>>
>>>>> I guess it was the checkip option, but I didn't see any message
>>>>> about bad ip addresses in the debug log.
>>>>
>>>> I'm not sure you would see it in the logs, but I definitely get a
>>>> logout message about a changed IP if this is what happens.
>>>
>>> Hello,
>>>
>>> the "checkip option" verifies if an authenticated session changes to
>>> another source IP address.
>>> That usually means the session was hijacked.
>>>
>>> But there is a second case:
>>> imagine users using a proxy.
>>> imagine *really many* users using a proxy: the proxy will be a
>>> farm of proxies.
>>> The user no longer talks to a dedicated proxy but to a load balancer.
>>
>> In this case it isn't the problem. There is only one proxy with
>> one IP address.
>>
>> I think the problem is that the proxy's IP has a lot of domain
>> names in the DNS,
>> and maybe the Net_DNS2_Resolver sometimes resolves to a different domain name.
>>
>> Could this be the problem?
>
> No, the domain name doesn't matter, only the IP address is used.

What about multiple sessions per user? As far as I remember we also
started having problems with the IP check at the time we tested all
the new sync possibilities like CalDAV, ActiveSync, iCal etc. With this
we have sessions for the same user from different IP addresses.

Regards

Andreas
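
The cases raised in this thread (a load-balanced proxy farm, a real change of network, and one user holding several sessions from different addresses) can be told apart in request logs before deciding how strict an IP check should be. The following is an added example, not part of the original posts and not Horde's code; the event tuples, the function names and the /24 and /64 tolerance are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample events: (session id, user, client IP seen by the server)
EVENTS = [
    ("s1", "alice", "192.0.2.10"),
    ("s1", "alice", "192.0.2.11"),    # same /24: load-balanced proxy farm
    ("s2", "bob", "198.51.100.7"),
    ("s2", "bob", "203.0.113.50"),    # different network: worth investigating
    ("s3", "carol", "192.0.2.20"),    # webmail session
    ("s4", "carol", "203.0.113.9"),   # separate sync-client session, own id
    ("s5", "dave", "2001:db8:1::5"),
    ("s5", "dave", "2001:db8:1::9"),  # same /64
]

def same_network(a, b, v4_prefix=24, v6_prefix=64):
    """True if both addresses share the tolerated prefix (assumed sizes)."""
    a, b = ipaddress.ip_address(a), ipaddress.ip_address(b)
    if a.version != b.version:
        return False
    prefix = v4_prefix if a.version == 4 else v6_prefix
    return b in ipaddress.ip_network(f"{a}/{prefix}", strict=False)

def classify(events, v4_prefix=24, v6_prefix=64):
    """Return {session id: verdict}, comparing each request with the
    address the session was first seen on."""
    first_ip, verdict = {}, {}
    for sid, _user, ip in events:
        if sid not in first_ip:
            first_ip[sid], verdict[sid] = ip, "stable"
        elif ip == first_ip[sid]:
            continue
        elif same_network(first_ip[sid], ip, v4_prefix, v6_prefix):
            # Never downgrade a session already seen on another network.
            if verdict[sid] == "stable":
                verdict[sid] = "changed-same-network"
        else:
            verdict[sid] = "changed-other-network"
    return verdict

def users_on_several_ips(events):
    """Users seen on more than one address across all of their sessions."""
    ips = defaultdict(set)
    for _sid, user, ip in events:
        ips[user].add(ip)
    return sorted(u for u, seen in ips.items() if len(seen) > 1)

if __name__ == "__main__":
    print(classify(EVENTS))
    print(users_on_several_ips(EVENTS))
```

In the sample, carol appears in the per-user list but both of her sessions are "stable", which is the difference between comparing addresses per session and per user.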