Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Catalyst: Users

address mismatch warnings?

  

 
Catalyst users RSS feed   Index | Next | Previous | View Threaded


phil at 2people

Jun 18, 2009, 9:20 PM

Post #1 of 3 (516 views)
Permalink
address mismatch warnings?
I am getting a surprising number of these warnings in the error logs:

Deleting session b00b8b9d82da06a738cd7fe4d57760d8a8d69cd5 due to address
mismatch (146.229.203.46 != 64.255.180.21)

Is this something I should be concerned about? I've never really known how
this is possible (client IP changes? user is roaming?)


--
==========================
http://www.bikewise.org

2People citizen's network for climate action: http://www.2people.org

Greater Seattle Climate Dialogues: http://www.climatedialogues.org
==========================


swatt at infobal

Jun 19, 2009, 8:47 AM

Post #2 of 3 (456 views)
Permalink
Re: address mismatch warnings? [In reply to]
This does happen, most commonly when a site uses a load-balancing proxy
setup. According to the docs, this should not be happening by default,
but is enabled through the verify_address key for the session
configuration. On larger sites I've worked with, I ended up turning off
IP address verification as it was causing more problems than it was
worth (repeated login prompts). See the Caveats in the perldoc for
Catalyst::Plugin::Session.

All the best
Stuart



Phil Mitchell wrote:
> I am getting a surprising number of these warnings in the error logs:
>
> Deleting session b00b8b9d82da06a738cd7fe4d57760d8a8d69cd5 due to
> address mismatch (146.229.203.46 != 64.255.180.21)
>
> Is this something I should be concerned about? I've never really known
> how this is possible (client IP changes? user is roaming?)
>
--
Stuart Watt
ARM Product Developer
Information Balance


seasprocket at gmail

Jun 19, 2009, 1:52 PM

Post #3 of 3 (455 views)
Permalink
Re: address mismatch warnings? [In reply to]
On Fri, Jun 19, 2009 at 8:47 AM, Stuart Watt <swatt[at]infobal.com> wrote:

> This does happen, most commonly when a site uses a load-balancing proxy
> setup. According to the docs, this should not be happening by default, but
> is enabled through the verify_address key for the session configuration. On
> larger sites I've worked with, I ended up turning off IP address
> verification as it was causing more problems than it was worth (repeated
> login prompts). See the Caveats in the perldoc for
> Catalyst::Plugin::Session.
>

Thank you so much! I hadn't realized that verify_address was a config
setting (RTFM!) and I'm on an older version of C::P::S which defaults to
true.


--
==========================
http://www.bikewise.org

2People citizen's network for climate action: http://www.2people.org

Greater Seattle Climate Dialogues: http://www.climatedialogues.org
==========================

Catalyst users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact lists@gossamer-threads.com
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.