https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17050
Andrew Isherwood <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |andrew.isherwood@ptfs-europ | |e.com Status|CLOSED |REOPENED Resolution|FIXED |--- --- Comment #20 from Andrew Isherwood <[email protected]> --- I've been facing this problem, or something very similar, today. This is on 18.11.03.000 with Plack and memcached enabled and with the SessionRestrictionByIP syspref enabled. I am finding that API requests that require authorisation are causing the session to time out. This manifests itself as the API request returning a 401, with the body {"error":"Session has been expired."}. After doing some digging, the "timeouts" happen because the condition on this line fails: https://github.com/PTFS-Europe/koha/blob/18.11.03/C4/Auth.pm#L912 Specifically, $ip is coming back from the session store as 127.0.0.1 and $ENV{'REMOTE_ADDR'} is the true client IP, so they do not match and the condition fails. So, it seems to me that when the session is created, for some reason 127.0.0.1 is being stored as the remote IP. Doing some research, the "acknowledged" way of ensuring the remote IP passes through an Apache proxy cleanly is: ProxyPreserveHost On However, including this in the Apache config doesn't resolve the problem. Anyone got any ideas? -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
