{"errorMessage": "Session reuse detected, IPAddress logged.", "error_message": "Session reuse detected, IPAddress logged."}
Can you point me how to fix/disable this?
My IP is dynamic, so every now and then it will be changed by my ISP. Sometimes it's minutes, and it can be hours.
Before (1.8.6 or older) this is not a problem.
Comments
https://github.com/usmannasir/cyberpanel/blob/1.8.0/CyberCP/secMiddleware.py
Remove line 11-40.
On server this file is available at
/usr/local/CyberCP/CyberCP
then
systemctl restart lscpd
after I started giving this problem I would switch panels, but there is no better panel with this support.
I same err
after remove line 11-40, i don't use cyberpanel access anybutton
what's next?
It is possible that you remove some additional lines from secMiddleware.py which is why you are getting 500 error.
/usr/local/CyberCP/CyberCP
and line 40 is: pass
https://43.224.33.39:8090/websites/
Error 500 here
Please confirm if 2 lines required or not. As your above not clear..
try:
uID = request.session['userID']
ipAddr = request.META.get('REMOTE_ADDR')
Why again in these 3 lines?
try:
uID = request.session['userID']
ipAddr = request.META.get('REMOTE_ADDR')
Its showing 500 server error. Please help.
mv /usr/local/CyberCP/secMiddleware.py /usr/local/CyberCP/secMiddleware.py-bak
Download new version.
wget -O /usr/local/CyberCP/secMiddleware.py https://github.com/usmannasir/cyberpanel/raw/stable/CyberCP/secMiddleware.py
then download run the upgrade/update cache clearing script
wget -O /usr/local/CyberCP/upgrade.sh https://github.com/usmannasir/cyberpanel/raw/stable/upgrade.sh
chmod +x /usr/local/CyberCP/upgrade.sh
Then run this and give it a few minutes to clear cache and restart cyberpanel daemon
bash /usr/local/CyberCP/upgrade.sh
This should bring it back to stock.
The file has probably changed some since the original post was made.
Looks like relevant lines are 12-41 that need removed or commented out.
https://github.com/usmannasir/cyberpanel/blob/ecffcd59412fa0d94b1574df0c02b3027b0aebe9/CyberCP/secMiddleware.py#L12-L41
If you want to easily remove the lines via commenting them out(make them inactive)
this can be done via sed command below.
sed -i '12,41 s/^/#/' /usr/local/CyberCP/CyberCP/secMiddleware.py
You can then confirm it via checking the lines right before and after.
sed -n '10,42p' /usr/local/CyberCP/CyberCP/secMiddleware.py
Before:
[email protected]:~# sed -n '10,42p' /usr/local/CyberCP/CyberCP/secMiddleware.py
def __call__(self, request):
try:
uID = request.session['userID']
ipAddr = request.META.get('REMOTE_ADDR')
if ipAddr.find('.') > -1:
if request.session['ipAddr'] == ipAddr:
pass
else:
del request.session['userID']
del request.session['ipAddr']
logging.writeToFile(request.META.get('REMOTE_ADDR'))
final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
"errorMessage": "Session reuse detected, IPAddress logged."}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
else:
ipAddr = request.META.get('REMOTE_ADDR').split(':')[:3]
if request.session['ipAddr'] == ipAddr:
pass
else:
del request.session['userID']
del request.session['ipAddr']
logging.writeToFile(request.META.get('REMOTE_ADDR'))
final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
"errorMessage": "Session reuse detected, IPAddress logged."}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
except:
pass
if request.method == 'POST':
[email protected]:~#
After:
[email protected]:~# sed -i '12,41 s/^/#/' /usr/local/CyberCP/CyberCP/secMiddleware.py
[email protected]:~# sed -n '10,42p' /usr/local/CyberCP/CyberCP/secMiddleware.py
def __call__(self, request):
# try:
# uID = request.session['userID']
# ipAddr = request.META.get('REMOTE_ADDR')
#
# if ipAddr.find('.') > -1:
# if request.session['ipAddr'] == ipAddr:
# pass
# else:
# del request.session['userID']
# del request.session['ipAddr']
# logging.writeToFile(request.META.get('REMOTE_ADDR'))
# final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
# "errorMessage": "Session reuse detected, IPAddress logged."}
# final_json = json.dumps(final_dic)
# return HttpResponse(final_json)
# else:
# ipAddr = request.META.get('REMOTE_ADDR').split(':')[:3]
#
# if request.session['ipAddr'] == ipAddr:
# pass
# else:
# del request.session['userID']
# del request.session['ipAddr']
# logging.writeToFile(request.META.get('REMOTE_ADDR'))
# final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
# "errorMessage": "Session reuse detected, IPAddress logged."}
# final_json = json.dumps(final_dic)
# return HttpResponse(final_json)
# except:
# pass
if request.method == 'POST':
[email protected]:~#
[email protected]:~# systemctl restart lscpd
[email protected]:~#
https://github.com/usmannasir/cyberpanel/commit/c335952b2a350690c79082e8ffb45cfebd2c039c
I do not have a dynamic session that changes to verify it that works, but the file works on my test server and has an if condition to only run if 'true' so in theory should work for you to toggle it off by setting value to 'false' without having to comment or delete lines in the core file which bound to be error-prone.
Download the file with option to toggle.
wget -O /usr/local/CyberCP/secMiddleware.py https://github.com/usmannasir/cyberpanel/raw/c335952b2a350690c79082e8ffb45cfebd2c039c/CyberCP/secMiddleware.py
Default: On 'true'
To set to On 'true'
sed -i "s/^sessionIPValidation =.*/sessionIPValidation = 'true'/g" /usr/local/CyberCP/CyberCP/secMiddleware.py
To set to Off: 'false'
sed -i "s/^sessionIPValidation =.*/sessionIPValidation = 'false'/g" /usr/local/CyberCP/CyberCP/secMiddleware.py
To check status:
grep -E '^sessionIPValidation' /usr/local/CyberCP/CyberCP/secMiddleware.py
Example of this toggled to On(true): Default
[email protected]:~# grep -E '^sessionIPValidation' /usr/local/CyberCP/CyberCP/secMiddleware.py
sessionIPValidation = 'true'
[email protected]:~#
Example of this toggled to Off(false):
[email protected]:~# grep -E '^sessionIPValidation' /usr/local/CyberCP/CyberCP/secMiddleware.py
sessionIPValidation = 'false'
[email protected]:~#
After toggling:
systemctl restart lscpd||service lscpd restart
Test
If it works ill submit a pull request to have it merged to the stable branch.
As of 2.0 the relevant lines are 17-47
> If your IP change frequently and you don't need this protection, you can edit this file
>
> https://github.com/usmannasir/cyberpanel/blob/1.8.0/CyberCP/secMiddleware.py
>
> Remove line 11-40.
>
> On server this file is available at /usr/local/CyberCP/CyberCP
>
> then systemctl restart lscpd
Solution did nt work. cyberpanel did not work properly with cloudflare
I can sometimes log in, and some times I get the error.
{"error_message": "Session reuse detected, IPAddress logged.", "errorMessage": "Session reuse detected, IPAddress logged."}
The tutorial over just ends up with internal error 500.
After logging in I can browse 1-2 sites on cyberpanel, then I have to login again.
Everything works well when I log in with HTTP:<IP-address>:<Port> (only loading of each page takes much longer).
I only have the issue described above when I log in with HTTPS:<hostname>:<port>.
Same behavior for others?
your issue will be resolved no need to remove a single line and also no 500 error cheers
regards
Aditya Rathore World
> For cloudflare users please replace REMOTE_ADDR with True-Client-IP and for nginx please replace REMOTE_ADDR with X_REAL_IP
> your issue will be resolved no need to remove a single line and also no 500 error cheers
> regards
> Aditya Rathore World
# ipAddr = request.META.get('True-Client-IP').split(':')[:3]
you can comment above line if using cloudflare as it have single header ip only
def __call__(self, request):
try:
uID = request.session['userID']
admin = Administrator.objects.get(pk=uID)
ipAddr = request.META.get('True-Client-IP')
if ipAddr.find('.') > -1:
if request.session['ipAddr'] == ipAddr or admin.securityLevel == secMiddleware.LOW:
pass
else:
del request.session['userID']
del request.session['ipAddr']
logging.writeToFile(request.META.get('True-Client-IP'))
final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
"errorMessage": "Session reuse detected, IPAddress logged."}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
else:
# ipAddr = request.META.get('True-Client-IP').split(':')[:3]
if request.session['ipAddr'] == ipAddr or admin.securityLevel == secMiddleware.LOW:
pass
else:
del request.session['userID']
del request.session['ipAddr']
logging.writeToFile(request.META.get('True-Client-IP'))
final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
"errorMessage": "Session reuse detected, IPAddress logged."}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
except:
pass