Menu

Topic-icon Acess denied - user session protection

  • texter
  • texter's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
1 month 3 weeks ago #7712 by texter
Hello Jose,
I hope you are well. I have a Problem with your component. Since about half a year the access to the backend of my site is blocked when logging in as an administrator (Error: user session protection). Access is only possible after the plugin has been deactivated in the database. There must be a bug somewhere.
Kind regards, Andreas

Please Log in or Create an account to join the conversation.

More
1 month 3 weeks ago #7713 by Jose
Replied by Jose on topic Acess denied - user session protection
Hi Andreas,

I hope you are well.

I'm fine thanks. I hope you and your family are fine too.

Since about half a year the access to the backend of my site is blocked when logging in as an administrator (Error: user session protection). Access is only possible after the plugin has been deactivated in the database. There must be a bug somewhere.

Some versions ago I improved the way to detect a session hijack. Now you can choose if this rule is applied when the user-agent AND the IP change(default) or when the user-agent OR the IP change. Default config can cause this "issue" if you are behind a proxy or cdn, so please change this config (Waf configuration -> User session protection tab):
Regards,
Jose
Attachments:

Please Log in or Create an account to join the conversation.

  • texter
  • texter's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
1 month 3 weeks ago #7714 by texter
Replied by texter on topic Acess denied - user session protection
Hello Jose,

in the attachment you can see my settings at this point (german version). The error occurs with these settings. Should I disable ths option?
Kind regards, Andreas
Attachments:

Please Log in or Create an account to join the conversation.

More
1 month 3 weeks ago #7715 by Jose
Replied by Jose on topic Acess denied - user session protection
Hi Andreas,

Settings seems to be ok with 'Session hijack' protection.
Do you login twice with the same account? The "User session protection" feature doesn't allow that, so if do you need to be logged twice with the same account you should disable this feature.

Regards,
Jose

Please Log in or Create an account to join the conversation.

Time to create page: 0.072 seconds
Powered by Kunena Forum

Login or Sign In