SP logging users out after one second of being authenticated
Cantor, Scott
cantor.2 at osu.edu
Tue Aug 23 12:18:14 UTC 2022
On 8/23/22, 8:11 AM, "erki at cloudek.eu" <erki at cloudek.eu> wrote:
> The config says: consistentAddress="false"
That's not the default, so it must have been changed. Also means you're security here is incredibly low, any XSS attack against that cookie is game over.
> Apache log does not indicate that the Source IP is changing.
Well, that's the most common cause, so other than looking at the remaining log you haven't looked at, that's all I can suggest.
-- Scott
More information about the users
mailing list