disconnection web interface

[damien.mathieu]

Hi everybody

I have a problem with openemm web interface. My users are victim of diconnection when are using of openemm. It very current (once or twice per minute).

In the log :

Code: Select all

ERROR [http-8080-12] org.agnitas.util.AgnUtils - no admin found in request session data

and more rarely :

Code: Select all

org.agnitas.web.filter.SessionHijackingPreventionFilter - IP addresses does not match - invalidating session 98BBEB6E0C9150F232C3E642112FCC5E (session: 82.244.165.223, client: 150.70.173.46)

Thank you for your help.

[mdoerschmidt]

Hi Damien,

the problem here is, that requests with same session ID came from different IP addresses. Maybe your users are behind proxies. You can either add affected IP addresses to a whitelist, or remove the entire filter from filter chain.

In WEB-INF/web.xml the filter is defined like that:

Code: Select all

	<filter>
		<filter-name>SessionHijackingPreventionFilter</filter-name>
		<filter-class>org.agnitas.web.filter.SessionHijackingPreventionFilter</filter-class>
		<init-param>
			<param-name>ip-whitelist</param-name>
			<param-value>127.0.0.1</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>SessionHijackingPreventionFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

The IP whitelist is a comma-separated list of IP addresses, so you can simply add affected IP addresses. (Note, that you have to list each IP address. IP ranges or net masks are not supported).
If you want to disable the filter, remove the <filter-mapping> section for SessionHihackingPreventionFilter.


Best regards,

Markus

[Schnix]

Hi,

I still have the same problem, although I added my IP to the whitelist and after that deleted the <filter-mapping> section for SessionHihackingPreventionFilter.

Code: Select all

ERROR [http-8080-3] org.agnitas.util.AgnUtils - no admin found in request session data

Thanks.

Stefan