[
https://issues.apache.org/jira/browse/GUACAMOLE-369?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16550120#comment-16550120
]
Michael Jumper commented on GUACAMOLE-369:
------------------------------------------
{quote}
Is that intended behaviour?
{quote}
Yes. See the documentation quoted above. The token is defined as the IP address
used to initially authenticate.
{quote}
If the user doesn't log out from previous session, that session or at least the
IP of that session should be discarded, respectively updated after the same
user logs into his/her session from a new IP address (without having logged out
of old session).
{quote}
No, the IP address of the existing session will not be updated/discarded (see
the documentation quoted above), nor will the previous session be discarded.
Users are allowed to authenticate from multiple locations simultaneously.
> ip address in ${GUAC_CLIENT_ADDRESS} not updated
> ------------------------------------------------
>
> Key: GUACAMOLE-369
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-369
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole-server, guacd
> Affects Versions: 0.9.13-incubating
> Environment: ubuntu server 16.04, nginx 1.10.3, tomcat 7.0.68
> Reporter: Tjareson Toland
> Priority: Minor
>
> If a guacamole user logs in from a different ip address, the ip address
> provided in ${GUAC_CLIENT_ADDRESS} for the new session still contains the
> address from his/her previous session.
> nginx and org.apache.catalina.valves.RemoteIpValve are configured accordingly.
> catalina.out is showing the right ip address.
> Looks like that the first ip a user is coming from gets somewhere buffered.
> Restart of tomcat resets that behavior.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
