Chris, of course! We are talking about debugging. The patches that solve the issue are already pushed!
On Tue, 30 Aug 2016 at 15:44, Chris Cormack (<[email protected]>) wrote:

> You will need to be aware though that reduces your users' protection from
> session hijacking tremendously. We really need to make fixing it a
> priority, without reducing security.
>
> Chris
>
> On 31 August 2016 6:40:39 AM NZST, Tomas Cohen Arazi <[email protected]> wrote:
>>
>> Magnus, there's been a lot of movement on the caching layer, and some of
>> that work has been backported to the stable releases. Also, the
>> RestrictSessionByIP setting was getting in the middle
>> (https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17050).
>>
>> There's also a problem with memcached initialization in C4::Context that
>> makes sessionStorage=memcache fail to persist sessions.
>>
>> My suggestion would be to set sessionStorage to 'mysql' and disable the
>> RestrictSessionByIP syspref.
>>
>> Regards
>>
>> On Tue, 30 Aug 2016 at 8:24, Magnus Enger (<[email protected]>) wrote:
>>
>>> Dear Community,
>>>
>>> I am seeing a strange problem, and I'm not sure where to start digging.
>>>
>>> I have a (big) server with 30-odd Koha instances. One of these
>>> instances has been running under Plack for quite some time now,
>>> without any problems.
>>>
>>> Two new instances have a problem where librarians get kicked out of
>>> the intranet more or less frequently, with a message like "Your
>>> session has expired, please log in again".
>>>
>>> We had this problem on 3.22.x.
>>> After upgrading to 16.05.02 it went away.
>>> After upgrading to 16.05.03 last night it came back again.
>>>
>>> It is not consistent. Earlier today it looked like you could log in,
>>> click on a link, get thrown out, log in again and then things would
>>> work. Later users got kicked out every single time they clicked on a
>>> link in the intranet.
>>>
>>> All sites are running off the official Debian packages, on the same
>>> server.
>>> Memcached is installed, enabled and used for storing sessions.
>>> Switching SessionStorage to the DB does not stop the problem.
>>> Stopping and disabling Plack for these two instances makes the problem
>>> go away.
>>>
>>> I have not found anything interesting in Plack or Apache logs.
>>>
>>> Anyone got a hunch what might be causing this? Or where to start digging?
>>>
>>> Best regards,
>>> Magnus
>>> _______________________________________________
>>> Koha-devel mailing list
>>> [email protected]
>>> http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
>>> website : http://www.koha-community.org/
>>> git : http://git.koha-community.org/
>>> bugs : http://bugs.koha-community.org/
>>>
>> --
>> Tomás Cohen Arazi
>> Theke Solutions (https://theke.io <http://theke.io/>)
>> ✆ +54 9351 3513384
>> GPG: B2F3C15F

--
Tomás Cohen Arazi
Theke Solutions (https://theke.io <http://theke.io/>)
✆ +54 9351 3513384
GPG: B2F3C15F
