Opened 2 years ago

Closed 21 months ago

Last modified 20 months ago

#1012 closed defect (fixed)

Bug in sesion handling when using IPV6

Reported by: skaplun Owned by: skaplun
Priority: major Milestone:
Component: WebSession Version:
Keywords: IPV6 session Cc: raja.sripada@…

Description

Currently, if a user visits Invenio with an IPV6 address, the session will be invalid because it's not possible to extract correctly it's IP address after the changes (re-)introduced in 6459e40050209f3151d591a089243034f221351f

Proper handling of IPV6 address must be introduced.

To reproduce the error just add in your /etc/hosts file something like:

::1     ip6-localhost ip6-loopback localhost

The browser will by default use ::1 when visiting localhost and this will trigger the session to be always invalid.

Change History (3)

comment:1 Changed 21 months ago by Samuele Kaplun <samuele.kaplun@…>

  • Resolution set to fixed
  • Status changed from new to closed

In c1389b21328131894408f6ba7549917a8ce589ec:

WebSession: IPv6 session handling fix

  • When performing a request over IPv6, disable support for CFG_WEBSESSION_IPADDR_CHECK_SKIP_BITS and directly handle the full IPv6 address. (closes #1012)

comment:2 Changed 20 months ago by Samuele Kaplun <samuele.kaplun@…>

In c1389b21328131894408f6ba7549917a8ce589ec:

WebSession: IPv6 session handling fix

  • When performing a request over IPv6, disable support for CFG_WEBSESSION_IPADDR_CHECK_SKIP_BITS and directly handle the full IPv6 address. (closes #1012)

comment:3 Changed 20 months ago by Samuele Kaplun <samuele.kaplun@…>

In c1389b21328131894408f6ba7549917a8ce589ec:

WebSession: IPv6 session handling fix

  • When performing a request over IPv6, disable support for CFG_WEBSESSION_IPADDR_CHECK_SKIP_BITS and directly handle the full IPv6 address. (closes #1012)
Note: See TracTickets for help on using tickets.