SP logging users out after one second of being authenticated

Cantor, Scott cantor.2 at osu.edu
Tue Aug 23 12:18:14 UTC 2022

On 8/23/22, 8:11 AM, "erki at cloudek.eu" <erki at cloudek.eu> wrote:

>    The config says: consistentAddress="false"

That's not the default, so it must have been changed. Also means you're security here is incredibly low, any XSS attack against that cookie is game over.

>    Apache log does not indicate that the Source IP is changing.

Well, that's the most common cause, so other than looking at the remaining log you haven't looked at, that's all I can suggest.

-- Scott

More information about the users mailing list