Page MenuHomePhabricator
Create Task
Maniphest T88224

Session gets killed after switch between IPv4 and corresponding IPv6
Closed, DuplicatePublic
Actions

Description

A user reported getting kicked out of OTRS all the time. Several other users reported similar issues recently, but I haven't been able to pinpoint all of them because, as OTRS admins, we can only see the latest syslog entries. However, in two cases, I could observe the following pattern in the syslog:

  1. User logs in: "User:<username> authentication ok (REMOTE_ADDR <IPv6 address>)"
  2. Shortly thereafter, his session gets killed: "RemoteIP of '<SessionID>' (<IPv6 address>) is different from registered IP (<IPv4 address>). Invalidating session! Disable config 'SessionCheckRemoteIP' if you don't want this!"

The IP address is the same, only the format differs. The two users use different ISPs. Could this be a problem on our side? If so, it should be fixed.

Related Objects

Event Timeline

pajz created this task.Jan 31 2015, 10:06 PM
pajz raised the priority of this task from to Needs Triage.
pajz updated the task description. (Show Details)
pajz added a project: Znuny.
pajz added subscribers: Jgreen, pajz.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 31 2015, 10:06 PM
Rjd0060 subscribed.Jan 31 2015, 10:09 PM

Couldn't this be directly related to T87217: Make OTRS sessions IP-address-agnostic?

Reedy subscribed.Jan 31 2015, 10:09 PM

It's not just ipv4 <-> ipv6. I had the same issue when using 2 different ipv4 isps.

We can disable 'SessionCheckRemoteIP'. I'm not sure if there's much to be gained by keeping it enabled...

pajz added a comment.Jan 31 2015, 10:10 PM

See T87217 for a proposal to disable OTRS' IP-address check alltogether, which would obviously also solve this issue.

pajz added a comment.Jan 31 2015, 10:15 PM
In T88224#1006500, @Reedy wrote:

It's not just ipv4 <-> ipv6. I had the same issue when using 2 different ipv4 isps.
We can disable 'SessionCheckRemoteIP'. I'm not sure if there's much to be gained by keeping it enabled...

Yes, but we should keep these issues separate IMHO. If you actually switch your IP, OTRS is currently configured to kill your session, so that's not unexpected given the current set-up. In the case described here, the IP doesn't really change, at least not from an end-user pespective.

Reedy added a comment.Jan 31 2015, 10:18 PM

It's the same issue. It was 2 ISPs at home. And when one connection goes away, it uses the other one.

There is no such thing as a corresponding IPv6 address for IPv4. There is no direct mapping, it's arbitrary, unless you were using embedding. If they were mapped to the same RDNS, that would be the only way they have any notation of being the "same"

pajz added a comment.EditedJan 31 2015, 10:38 PM

[Removed, misunderstanding on my part]

Ok, got your point. I still don't see how these are identical issues because, if you were to change your local configuration to IPv6, I figure you'd normally get an IP address pointing to the same endpoint, no? My question is if this whole thing is necessarily a local problem. Can users check if their IP address really keeps changing all the time and switching between some IPv4 address and some IPv6 address?

Jgreen closed this task as a duplicate of T87217: Make OTRS sessions IP-address-agnostic.Feb 2 2015, 2:43 PM
Aschmidt mentioned this in T87217: Make OTRS sessions IP-address-agnostic.Feb 23 2015, 12:10 PM
Steinsplitter moved this task from Incoming to Resolved on the Znuny board.Mar 19 2015, 10:27 AM
Rubin16 subscribed.Apr 19 2015, 7:29 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL