Forum problems behind Tor
-
- Posts: 2001
- Joined: Tue Jun 05, 2012 6:25 am
- os: linux
Forum problems behind Tor
The forum logs me out frequently. I suspect that this is because I'm behind Tor, which causes my IP to change every 10 minutes. Many times there is not time to compose a post before I'm logged out. Can we make the forum software not log people out when their IP changes?
Re: Forum problems behind Tor
This is something I have been seeing for, I think, years already. I always copy my posts to the clipboard before submitting them, just in case. But if there is any particular reason why this happens, I would also be very glad to have it resolved.biolizard89 wrote:The forum logs me out frequently. I suspect that this is because I'm behind Tor, which causes my IP to change every 10 minutes. Many times there is not time to compose a post before I'm logged out. Can we make the forum software not log people out when their IP changes?
BTC: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS
Use your Namecoin identity as OpenID: https://nameid.org/
Re: Forum problems behind Tor
The forum control panel has an option that might be relevant:
I have set it to "None" for now. With "https" it should not have any security implications?Session IP validation:
Determines how much of the users IP is used to validate a session; All compares the complete address, A.B.C the first x.x.x, A.B the first x.x, None disables checking. On IPv6 addresses A.B.C compares the first 4 blocks and A.B the first 3 blocks.
-
- Posts: 2001
- Joined: Tue Jun 05, 2012 6:25 am
- os: linux
Re: Forum problems behind Tor
Any security attained by verifying IP address consistency is security by obscurity. I believe as long as the end users keep their login cookies secure (meaning they don't have malware and they use HTTPS) it should be fine. Ryan is welcome to weigh in here.phelix wrote:The forum control panel has an option that might be relevant:
I have set it to "None" for now. With "https" it should not have any security implications?Session IP validation:
Determines how much of the users IP is used to validate a session; All compares the complete address, A.B.C the first x.x.x, A.B the first x.x, None disables checking. On IPv6 addresses A.B.C compares the first 4 blocks and A.B the first 3 blocks.
-
- Posts: 2001
- Joined: Tue Jun 05, 2012 6:25 am
- os: linux
Re: Forum problems behind Tor
Confirming that the issue appears to be resolved for me. Thanks for fixing it Phelix.