Well, if this *was* a session hijacking attempt... wouldn't it look exactly like this? i.e., DSpace would actually be protecting you. :)

Alan

On 06/08/2014 03:34 PM, Becker, Pascal-Nicolas wrote:
> Hi,
>
> today I used my test installation of DSpace for the first time from home
> where I have IPv4 and IPv6 in a dual stack setup. My server has an IPv4
> and IPv6 connection as well, but in my office I currently have IPv4
> only. So today I was using DSPACE JSPUI (master branch from early May
> 2014) in an IPv4/IPv6 dual stack setup for the first time.
>
> While using DSpace I was asked to login every two minutes. As this was
> quite annoying I looked into dspace.log and found the following line:
>
> 2014-06-08 14:01:13,201 WARN org.dspace.app.webui.util.UIUtil @
> POSSIBLE HIJACKED SESSION: request from
> 2001:6f8:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX does not match original session
> address: 85.XXX.XXX.XXX. Authentication rejected.
>
> I think the problem is obvious: My Mac is alternating using IPv4 and
> IPv6 to connect to my DSpace installation. DSpace detects this as a
> possible session hijacking attack and invalidates my session.
>
> Has anyone had the same problem (already)? Has anyone an idea how to
> solve this problem? And please don't suggest that I use either IPv4 or
> IPv6. ;-)
>
> Regards,
>
> Pascal
>
> P.S. A solution could be to save an IPv4 and an IPv6 address to prevent
> session hijacking while supporting IPv4/6 double stack setups. But even
> then we could run into problems with IPv6 privacy extensions...
>
> _______________________________________________
> DSpace-tech mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/dspace-tech
> List Etiquette:
> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette

--
Alan Orth
[email protected]
http://alaninkenya.org
http://mjanja.co.ke
"I have always wished for my computer to be as easy to use as my telephone; my wish has come true because I can no longer figure out how to use my telephone." -Bjarne Stroustrup, inventor of C++
GPG public key ID: 0x8cb0d0acb5cd81ec209c6cdfbd1a0e09c2f836c0
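
The idea in the quoted P.S., as an added example that is not DSpace code and not written by either poster: a session is bound to one value per address family, and IPv6 is compared by /64 prefix, which is this example's own assumption for tolerating privacy extensions. `SessionBinding`, `accept` and `bindSecondFamilyOnFirstUse` are hypothetical names.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

// Added example, not DSpace code: SessionBinding and its methods are hypothetical.
public class SessionBinding {
    // One bound value per address family: full IPv4 address, or IPv6 /64 prefix.
    private final Map<String, byte[]> bound = new HashMap<>();
    private final boolean bindSecondFamilyOnFirstUse;

    public SessionBinding(boolean bindSecondFamilyOnFirstUse) {
        this.bindSecondFamilyOnFirstUse = bindSecondFamilyOnFirstUse;
    }

    /** True if the request may keep using the session, false if it is rejected. */
    public boolean accept(String remoteAddr) throws UnknownHostException {
        // remoteAddr must be an IP literal (as from getRemoteAddr()); no DNS lookup then.
        byte[] addr = InetAddress.getByName(remoteAddr).getAddress();
        boolean v6 = addr.length == 16;
        // Assumption: privacy extensions change only the low 64 bits, so the
        // /64 prefix stays stable while the client remains on the same network.
        byte[] key = v6 ? Arrays.copyOf(addr, 8) : addr;
        String family = v6 ? "v6" : "v4";
        byte[] known = bound.get(family);
        if (known != null) {
            return Arrays.equals(known, key);   // same family: must match the binding
        }
        // The first request of the session always binds. A first request over the
        // other family binds only if the policy allows it; this trust-on-first-use
        // step is where the check is weaker than strict single-address matching.
        if (bound.isEmpty() || bindSecondFamilyOnFirstUse) {
            bound.put(family, key);
            return true;
        }
        return false;
    }

    public static void main(String[] args) throws UnknownHostException {
        // Constructed addresses from the documentation ranges.
        String[] requests = { "192.0.2.10", "2001:db8:1:2::a",
            "2001:db8:1:2:aaaa:bbbb:cccc:dddd", "192.0.2.10",
            "2001:db8:9:9::1", "198.51.100.7" };
        SessionBinding session = new SessionBinding(true);
        for (String ip : requests) {
            System.out.println(ip + " -> " + (session.accept(ip) ? "accepted" : "REJECTED"));
        }
    }
}
```

With the flag set to `false` the class behaves like a strict single-family check, so a dual-stack client that alternates families is rejected on its first switch.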

