Hi Damien,
The problem here is that requests with the same session ID came from different IP addresses. Maybe your users are behind proxies. You can either add the affected IP addresses to a whitelist or remove the entire filter from the filter chain.
In WEB-INF/web.xml the filter is defined like this:
<filter>
    <filter-name>SessionHijackingPreventionFilter</filter-name>
    <filter-class>org.agnitas.web.filter.SessionHijackingPreventionFilter</filter-class>
    <init-param>
        <param-name>ip-whitelist</param-name>
        <param-value>127.0.0.1</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>SessionHijackingPreventionFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
The IP whitelist is a comma-separated list of IP addresses, so you can simply add the affected IP addresses. (Note that you have to list each IP address. IP ranges or net masks are not supported.)
If you want to disable the filter, remove the <filter-mapping> section for SessionHijackingPreventionFilter.
Best regards,
Markus
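
Added example, not part of Markus's post and not code from the project: one way to find which addresses are affected is to group access-log requests by session ID and list the sessions seen from more than one client IP. The log format (client IP first, session ID as a `jsessionid` path parameter), the sample lines and the function names are assumptions; adapt the regex to your own log.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines, not real traffic (documentation address ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2024:10:00:01 +0000] "GET /a;jsessionid=A1B2C3 HTTP/1.1" 200
192.0.2.11 - - [12/Mar/2024:10:00:05 +0000] "GET /b;jsessionid=A1B2C3 HTTP/1.1" 200
198.51.100.7 - - [12/Mar/2024:10:01:00 +0000] "GET /a;jsessionid=D4E5F6 HTTP/1.1" 200
198.51.100.7 - - [12/Mar/2024:10:01:09 +0000] "GET /b;jsessionid=D4E5F6 HTTP/1.1" 200
not a log line
"""

# Assumed layout: client IP is the first field, session ID follows "jsessionid=".
LINE_RE = re.compile(r"^(?P<ip>\S+) .*?jsessionid=(?P<sid>[0-9A-Za-z._-]+)")


def sessions_with_multiple_ips(lines):
    """Return {session_id: [ip, ...]} for sessions seen from more than one IP."""
    ips_by_session = defaultdict(set)
    for line in lines:
        match = LINE_RE.match(line)
        if not match:
            continue  # line without a session ID, or not a log line at all
        try:
            ip = ipaddress.ip_address(match.group("ip"))
        except ValueError:
            continue  # first field is not an IP address (e.g. a hostname)
        ips_by_session[match.group("sid")].add(str(ip))
    return {sid: sorted(ips) for sid, ips in ips_by_session.items() if len(ips) > 1}


def whitelist_value(multi_ip_sessions, existing=("127.0.0.1",)):
    """Build the comma-separated ip-whitelist value: single addresses only,
    because the filter supports neither IP ranges nor net masks."""
    addresses = set(existing)
    for ips in multi_ip_sessions.values():
        addresses.update(ips)
    parsed = sorted((ipaddress.ip_address(a) for a in addresses),
                    key=lambda ip: (ip.version, int(ip)))
    return ",".join(str(ip) for ip in parsed)


if __name__ == "__main__":
    found = sessions_with_multiple_ips(SAMPLE_LOG.splitlines())
    for sid, ips in found.items():
        print(f"session {sid} seen from: {', '.join(ips)}")
    print("ip-whitelist value:", whitelist_value(found))
```

Check each reported session before adding its addresses: a session seen from two addresses is also what a hijacked session looks like, and the filter no longer checks requests from whitelisted IPs.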