- Posts: 5
- Thank you received: 0
I'm fine thanks. I hope you and your family are fine too.
I hope you are well.
Some versions ago I improved the way to detect a session hijack. Now you can choose if this rule is applied when the user-agent AND the IP change(default) or when the user-agent OR the IP change. Default config can cause this "issue" if you are behind a proxy or cdn, so please change this config (Waf configuration -> User session protection tab):
Since about half a year the access to the backend of my site is blocked when logging in as an administrator (Error: user session protection). Access is only possible after the plugin has been deactivated in the database. There must be a bug somewhere.