26 Sep
2015
26 Sep
'15
7:35 p.m.
From: David Hubbard <dhubbard@dino.hostasaurus.com> Websites that require some type of authentication that is handled via session cookies have been booting our users out randomly with "your ip address has changed" type message. This occurs when their Mac decides to switch between protocols because the site views it as a session hijacking attempt when Joe User with session ID xyz switches from 192.0.2.10 to 2001:db8::1:1:a or vice versa.
Has anyone run into this?
It's 1997 again? This used to be a common IPv4 problem for us as users exited through a cluster of squid caches which could result in a different address per request. Those site eventually learnt after much feedback not to assume on IPv4 address continuity. brandon