Joomla! Issue Tracker | Joomla! CMS #35901 - [4.0] Sessions terminated forcibly due to difference between $_SERVER['REMOTE

No Code Attached Yet

Closed
25 Oct 2021
Medium
Build: 4.0-dev
# 35901

sakiss
25 Oct 2021

Steps to reproduce the issue

Unfortunately i am not sure how to reproduce that on your end.

Though i will describe my findings.

My user sessions terminate on their own after a very short period (less than a minute).
After debugging, i found that the culprit is the function: Joomla\Session\Validator\AddressValidator::validate()
Seems like the: $this->session->get('session.client.address') is different to the server's REMOTE_ADDR $this->input->server->getString('REMOTE_ADDR', '')

Hence it throws an exception and terminates my sessions again and again.
Not sure why this happens but i suppose it's related to some reverse proxy between the client and the server.

Any input is welcome!

Expected result

Sessions to follow the session set duration

Actual result

forcible termination

System information (as much as possible)

J4.0.3
Hosted on apache sitting behind nginx.
Cloudflaire's CDN is used as well

Additional comments

sakiss - open - 25 Oct 2021

joomla-cms-bot - change - 25 Oct 2021

Labels

Added: No Code Attached Yet

joomla-cms-bot - labeled - 25 Oct 2021

brianteeman - comment - 25 Oct 2021

Did you already read and test the other issues regarding the use of the cloudflare cdn

sakiss - change - 25 Oct 2021

Status	New	⇒	Closed
Closed_Date	0000-00-00 00:00:00	⇒	2021-10-25 19:00:10
Closed_By		⇒	sakiss

sakiss - close - 25 Oct 2021

sakiss - comment - 25 Oct 2021

Hi Brian
Thanks for pointing out. I was not aware that it's because of Cloudflaire.
I am closing that as a duplicate to #35244 and joomla-framework/session#54

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS