-
Type:
Bug
-
Resolution: Fixed
-
Affects Version/s: None
-
Component/s: Main back-end mechanisms (Worker, Logging, etc.)
-
Emptyshow more show less
problem
A specific user could not work with translate5 since he was always getting problems on saving segments.
In the log file I discovered messages like:
"Subject: exception 'Zend_Exception' with message 'IP-Validierung schlug fehl - storage-adress zz5.60.xxx.yyy ungleich REMOTE_ADDR zz7.226.xxx.yyy'"
After that exception the user is immediatelly logged out, which results also in several "invalid JSON" messages which are tracked in therootcause.
Technically that means that the user has multiple IPs on the same session, which can happen for example with using a proxy or similar.
solution
The session restriction class must configurable, so that the single parts of the restriction is configurable. Since this class is a ZfExtended feature, it could be senseful not to put that config into Zf_configuration, but just enable / disable that Controller Plugin via installation.ini (since main definition is in application.ini)
- relates to
-
TRANSLATE-186 increase security with ZfExtended_Controllers_Plugins_SessionRestriction
- Done
