Session Swapping during login

Moderator: crythias

Locked
tatasteel
Znuny newbie
Posts: 1
Joined: 08 Jan 2015, 06:47
Znuny Version: 4.0.3
Real Name: Chandanasish Mishra
Company: tata Steel

Session Swapping during login

Post by tatasteel »

dear all please help us. we are useing otrs 4.0.3. frequently session swap between two users.
e,g
when somebody started working with some id filling up some faq suddenly session swap and the faq is being saved with different id. this occurrence have happened multiple time. and we got the following error in otrs log
[Wed Jan 7 17:53:21 2015][Notice][Kernel::System::Auth::DB::Auth] User: osj1088 authentication ok (Method: sha256, REMOTE_ADDR: 144.0.181.18).
[Wed Jan 7 17:56:49 2015][Notice][Kernel::System::AuthSession::DB::CheckSessionID] SessionID: 'jJ9P6mcgnrjWdQWuMjAIesLj00In4sRo' is invalid!!!

I am using following configuration in Framework -> Core::Session

SessionModule -db
SessionName - OTRSAgentInterface
CustomerPanelSessionName -OTRSCustomerInterface
SessionCheckRemoteIP-No
SessionDeleteIfNotRemoteID -No
SessionMaxTime-57600
SessionMaxIdleTime-21600
SessionActiveTime-600
SessionDeleteIfTimeToOld-yes
SessionUseCookie-No
SessionUseCookieAfterBrowserClose-no
SessionCSRFProtection-Yes
AgentSessionLimit-1000
AgentSessionPerUserLimit-10
CustomerSessionLimit-100
CustomerSessionPerUserLimit-20
SessionDir-<OTRS_CONFIG_Home>/var/sessions
SessionTable-sessions
Top
Rooobaaat
Znuny wizard
Posts: 432
Joined: 11 Sep 2014, 16:28
Znuny Version: OTRS 5.0.x

Re: Session Swapping during login

Post by Rooobaaat »

Set SessionCheckRemoteIP from No to Yes.
My english is better than your german :P

"Produktiv": OTRS: 5.0.x, OTRS::ITSM 5.0.x
"Testing": OTRS 6 git
OS: Debian 8.0 (Jessie)
Apache2.4.10/MySQL 5.5.41
Top
Locked

Return to “Help”