[pmwiki-users] Site wanting login

Petko Yotov 5ko at 5ko.fr
Fri Sep 7 08:23:15 PDT 2018


This appears to be a message from the UserAuth addon.

Looking at the source code, you may be able to allow changes of the IP 
address during the same session with such a line in config.php, before 
including the userauth2.php file:

   $UA2EnforceFixedClientIp = false;

If an IP address changes in the same session, either:
1. you actually changed IP address (may happen often if you use mobile 
3G/4G internet, on the move, or if your device disconnects and 
reconnects a little later, or you passed through some load-balancing 
proxy), or
2. someone else was somehow able to hijack your session ID and is trying 
to access the wiki.

In the past IP addresses changed rarely during a session (~ 20 min) so 
the addon considers this risky.

If you configure your wiki to redirect all visitors to the HTTPS/SSL 
version, the risk of having your session ID stolen is much lower.

By default, PmWiki doesn't restrict a session to a single IP address.

Petko

-- 
If you upgrade :  http://www.pmwiki.org/Upgrades


On 07/09/2018 16:53, Neil Cheng wrote:
> I have been using pmwiki for several years for my website
> cruiseportwiki.com [1]
> 
> I have recently been getting the following error at random times
> accessing pages.  Pages are public read only and admin write only.
> 
> This has been reported by other users as well.  Running version
> 
> pmwiki-2.2.107
> 
>  Session client coupling inconsistent (IP address changed?). Stopping
> for security reasons.



More information about the pmwiki-users mailing list