[dokuwiki] Re: Does login cookie require connection from same IP?
- From: Michael Hamann <michael@xxxxxxxxxxxxxxxx>
- To: dokuwiki <dokuwiki@xxxxxxxxxxxxx>
- Date: Fri, 25 Mar 2011 23:18:30 +0100
Hi,
Excerpts from Chris G's message of 2011-03-25 12:46:29 +0100:
> Sometimes when I attempt to login to my Dokuwiki site the connection
> simply times out when I click on the Login link. The URL is of the type:-
>
>
> http://zbmc.eu/info/jrml:start?do=login§ok=4155f71ec78223be0f550653667e372d
>
> If I click on the 'try again' button when it times out then it works
> immediately.
Hm, do you have any plugins installed and which authentication backend
are you using? Can you see in the error log or the error output from PHP
where the execution stops? It might also be a problem with concurrent
access to session data when you are on NFS as experienced on SF.net (see
https://sourceforge.net/apps/trac/sourceforge/ticket/18084) - though I
don't know why that should happen on the login page and not in other
cases.
> When processing this sort of URL does Dokuwiki expect the client to be
> connecting from the same IP as the original request? My internet
> connection is via two ADSL links which are load shared by my router so
> my IP address (as seen by the server) can change randomly.
No, as long as you aren't logged in the security token isn't checked at
all (though I don't know why) and I remember having read that the login
process isn't secured by a security token because that might break
certain tools that allow automatic logging. The session is somehow bound
to the IP, but you'll get another cookie automatically that contains
your encrypted password that will be rechecked when your IP changes.
Regards,
Michael
--
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
Other related posts:
