[horde] strange forced logout
Jan Schneider
jan at horde.org
Fri Jul 12 13:25:35 UTC 2013
Zitat von lst_hoe02 at kwsoft.de:
> Zitat von Jan Schneider <jan at horde.org>:
>
>> Zitat von l.kiraly at madalbal.hu:
>>
>>> Idézet (Andreas Schulze <sca at andreasschulze.de>):
>>>
>>>> Zitat von Jan Schneider <jan at horde.org>:
>>>>
>>>>>> I guess it was the checkip option, but I didn't see any message
>>>>>> about bad ip addresses in the debug log.
>>>>>
>>>>> I'm not sure you would see it in the logs, but I definitely get
>>>>> a logout message about a changed IP if this is what happens.
>>>>
>>>> Hello,
>>>>
>>>> the "checkip option" verify if an authenticated session changes
>>>> to an other source ip address.
>>>> That mean usualy the session was hijacked.
>>>>
>>>> But there is a second case:
>>>> imagine users using a proxy.
>>>> imagine *really many* users using a proxy: the proxy will be a
>>>> farm of proxies.
>>>> The user no longer talk to a dedicated proxy but to a loadbalancer.
>>>
>>> In this chase it isn't the problem. There is only one proxy with
>>> one ip address.
>>>
>>> I think the problem is that the proxy's ip has a lot of domain
>>> names in the dns,
>>> and maybe the Net_DNS2_Resolver resolves sometimes to different
>>> domain name.
>>>
>>> Could this be the problem?
>>
>> No, the domain name doesn't matter, only the IP address is used.
>
> What about multiple sessions per user? As far as i rember we also
> started having problems with the IP check at the time we tested all
> the new sync possibilties like CalDAV, ActiveSync, iCal etc. With
> this we have sessions for the same user from different IP addresses.
>
> Regards
>
> Andreas
Doesn't matter, there are no limits to sessions per user.
--
Jan Schneider
The Horde Project
http://www.horde.org/
More information about the horde
mailing list