Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Session reuse detected #1371

Open
nickchomey opened this issue Nov 29, 2024 · 1 comment
Open

[BUG] Session reuse detected #1371

nickchomey opened this issue Nov 29, 2024 · 1 comment

Comments

@nickchomey
Copy link
Contributor

nickchomey commented Nov 29, 2024
edited
Loading

Sometimes we get blocked from logging in when using a Cloudflare domain. It is well documented here with a solution https://community.cyberpanel.net/t/session-reuse-detected/56247/9

Can this change be incorporated into the next release?

This code should change to the following.

try:
            uID = request.session['userID']
            admin = Administrator.objects.get(pk=uID)
            ipAddr = secMiddleware.get_client_ip('True-Client-IP')

            if ipAddr.find('.') > -1:
                if request.session['ipAddr'] == ipAddr or admin.securityLevel == secMiddleware.LOW:
                    pass
                else:
                    del request.session['userID']
                    del request.session['ipAddr']
                    logging.writeToFile(secMiddleware.get_client_ip('True-Client-IP'))
                    final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
                                 "errorMessage": "Session reuse detected, IPAddress logged."}
                    final_json = json.dumps(final_dic)
                    return HttpResponse(final_json)
            else:
                ipAddr = secMiddleware.get_client_ip('True-Client-IP').split(':')[:3]
                if request.session['ipAddr'] == ipAddr or admin.securityLevel == secMiddleware.LOW:
                    pass
                else:
                    del request.session['userID']
                    del request.session['ipAddr']
                    logging.writeToFile(secMiddleware.get_client_ip('True-Client-IP'))
                    final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
                                 "errorMessage": "Session reuse detected, IPAddress logged."}
                    final_json = json.dumps(final_dic)
                    return HttpResponse(final_json)
        except:
            pass

I dont know/remember how cyberpanel branches work, so it would be much easier if you can just implement it @usmannasir

It probably needs to have some conditional logic to handle cloudflare vs not cloudflare - perhaps check for the existence of True-Client-IP, and use it if it is there. Otherwise use request
@nickchomey nickchomey changed the title [BUG] [BUG] Session reuse detected Nov 29, 2024
@hlshell
Copy link

hlshell commented Nov 30, 2024

#1371

This is the effective way to solve the problem.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hlshell @nickchomey