[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Question re session hijacking in dual stack environments w/MacOS

Subject: Question re session hijacking in dual stack environments w/MacOS
From: brandon at rd.bbc.co.uk (Brandon Butterworth)
Date: Sun, 27 Sep 2015 00:35:05 +0100 (BST)

> From: David Hubbard <dhubbard at dino.hostasaurus.com>
> Websites that require some type of authentication that is handled via
> session cookies have been booting our users out randomly with "your ip
> address has changed" type message.  This occurs when their Mac decides
> to switch between protocols because the site views it as a session
> hijacking attempt when Joe User with session ID xyz switches from
> 192.0.2.10 to 2001:db8::1:1:a or vice versa.
> 
> Has anyone run into this?

It's 1997 again? This used to be a common IPv4 problem for us as users
exited through a cluster of squid caches which could result in a
different address per request. Those site eventually learnt after much
feedback not to assume on IPv4 address continuity.

brandon

Follow-Ups:
- Question re session hijacking in dual stack environments w/MacOS
  - From: michael at supermathie.net (Michael Brown)

Prev by Date: ARIN Region IPv4 Free Pool Reaches Zero
Next by Date: Question re session hijacking in dual stack environments w/MacOS
Previous by thread: Question re session hijacking in dual stack environments w/MacOS
Next by thread: Question re session hijacking in dual stack environments w/MacOS
Index(es):
- Date
- Thread