Title: Message Title
Issue Type: Bug
Assignee: Unassigned
Created: 19/Jun/14 2:28 PM
Environment: Server and Client in IPv4 IPv6 dual stack setups. OS X 10.7
Labels: IPv6
Priority: Major
Reporter: Pascal-Nicolas Becker

I have a DSpace test installation of the current master (from May 22nd 2014) on a server with an IPv4 IPv6 dual stack setup. While using my MacBook in a dual stack setup, I was asked to log in every two minutes. As this was quite annoying, I looked into dspace.log and found the following line:

2014-06-08 14:01:13,201 WARN org.dspace.app.webui.util.UIUtil @ POSSIBLE HIJACKED SESSION: request from 2001:6f8:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX does not match original session address: 85.XXX.XXX.XXX. Authentication rejected.

I think the problem is obvious: My Mac is using IPv4 and IPv6 alternately to connect to my DSpace installation. DSpace detects this as a possible session hijacking attack and invalidates my session.

A solution could be to save an IPv4 and an IPv6 address to prevent session hijacking while supporting IPv4/6 double stack setups. But even then we could run into problems with IPv6 privacy extensions...
_______________________________________________
Dspace-devel mailing list
Dspace-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-devel
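
The per-family binding proposed in the report, sketched in Python as an added example; it is not DSpace code and not part of the original message. The names `SessionBinding` and `address_key`, the comparison of IPv6 clients by /64 prefix (so that privacy-extension address rotation within one network still matches), and the rule that an unseen address family needs one re-authentication instead of being trusted silently are all assumptions of this sketch.

```python
import ipaddress

V6_PREFIX = 64  # assumption: privacy extensions rotate only the low 64 bits


def address_key(addr):
    """Return (family, comparable key) for a client address string."""
    ip = ipaddress.ip_address(addr)
    # ::ffff:a.b.c.d is the same client as plain a.b.c.d
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.version == 4:
        return 4, ip
    # IPv6: compare by network prefix, not by full address
    return 6, ipaddress.ip_network(f"{ip}/{V6_PREFIX}", strict=False)


class SessionBinding:
    """Holds one bound address key per address family for a session."""

    def __init__(self, login_addr):
        self.known = {}
        self.bind(login_addr)

    def bind(self, addr):
        """Record addr for its family; call only after a successful login."""
        family, key = address_key(addr)
        self.known[family] = key

    def check(self, request_addr):
        """Classify a request as 'ok', 'unbound_family' or 'mismatch'."""
        family, key = address_key(request_addr)
        if family not in self.known:
            # Never learn a new family silently: a stolen cookie replayed
            # over the other family would otherwise be accepted.
            return "unbound_family"
        return "ok" if self.known[family] == key else "mismatch"


if __name__ == "__main__":
    # Constructed sample addresses from the documentation ranges
    session = SessionBinding("192.0.2.10")
    for addr in ("192.0.2.10", "2001:db8:1:2:aaaa:bbbb:cccc:dddd",
                 "198.51.100.7"):
        print(addr, session.check(addr))
```

A caller would treat `unbound_family` as a prompt to log in once and then call `bind()`, and treat `mismatch` the way the existing check treats a changed address.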