Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[BUG] Session reuse detected #1371

Open
nickchomey opened this issue Nov 29, 2024 · 1 comment
Open

[BUG] Session reuse detected #1371

nickchomey opened this issue Nov 29, 2024 · 1 comment

Comments

@nickchomey
Copy link
Contributor

nickchomey commented Nov 29, 2024
edited
Loading

Sometimes we get blocked from logging in when using a Cloudflare domain. It is well documented here with a solution https://community.cyberpanel.net/t/session-reuse-detected/56247/9

Can this change be incorporated into the next release?

This code should change to the following.

try:
            uID = request.session['userID']
            admin = Administrator.objects.get(pk=uID)
            ipAddr = secMiddleware.get_client_ip('True-Client-IP')

            if ipAddr.find('.') > -1:
                if request.session['ipAddr'] == ipAddr or admin.securityLevel == secMiddleware.LOW:
                    pass
                else:
                    del request.session['userID']
                    del request.session['ipAddr']
                    logging.writeToFile(secMiddleware.get_client_ip('True-Client-IP'))
                    final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
                                 "errorMessage": "Session reuse detected, IPAddress logged."}
                    final_json = json.dumps(final_dic)
                    return HttpResponse(final_json)
            else:
                ipAddr = secMiddleware.get_client_ip('True-Client-IP').split(':')[:3]
                if request.session['ipAddr'] == ipAddr or admin.securityLevel == secMiddleware.LOW:
                    pass
                else:
                    del request.session['userID']
                    del request.session['ipAddr']
                    logging.writeToFile(secMiddleware.get_client_ip('True-Client-IP'))
                    final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
                                 "errorMessage": "Session reuse detected, IPAddress logged."}
                    final_json = json.dumps(final_dic)
                    return HttpResponse(final_json)
        except:
            pass

I dont know/remember how cyberpanel branches work, so it would be much easier if you can just implement it @usmannasir

It probably needs to have some conditional logic to handle cloudflare vs not cloudflare - perhaps check for the existence of True-Client-IP, and use it if it is there. Otherwise use request
@nickchomey nickchomey changed the title [BUG] [BUG] Session reuse detected Nov 29, 2024
@hlshell
Copy link

hlshell commented Nov 30, 2024

#1371

This is the effective way to solve the problem.

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hlshell @nickchomey