-
You can now help support WorldwideDX when you shop on Amazon at no additional cost to you! Simply follow this Shop on Amazon link first and a portion of any purchase is sent to WorldwideDX to help with site costs.
LOGGING IN
- Thread starter LoneWolf TN
- Start date
AOL Sucks........
the "issue" doesn't lie with PHPBB. the problem is created by AOL.
phpBB2* uses sessions to keep track of users as they browse the board. These sessions use a combination of a unique session id and the users IP to identify each user. We* make use of the IP as an extra safe-guard to help prevent sessions being hijacked (by discovering the unique session id).
Unfortunately this only works when the users IP is constant as they browse the board. For most users this will be the case. However certain providers route their users via a cluster of proxys. In some cases, particularly AOL this results in different IPs being forwarded as the user moves between pages. We take account of this by not checking the entire IP but only the first "three quads". Again in most cases this will be fine. However again AOL uses IPs which can vary so much that checking only the first two quads results in a fairly static IP being available for session validation.
If you are experiencing problems related to this you can make a small change to the code. Please note that reducing the IP validation length does potentially increase the risk of sessions being hijacked (this is something for you to consider, phpBB Group takes no responsibility should anything happen!).
try this mole........
The change requires you to open the file sessions.php in the includes/ directory of the distribution. Find line 250, it contains the following
$ip_check_s = substr($userdata['session_ip'], 0, 6);
change this to:
$ip_check_s = substr($userdata['session_ip'], 0, 4);
You need to make exactly the same change to the number 6 in the next line. Save the file (and upload it if required). This should reduce or eliminate the problem noted.
the only way to solve the problem from the user end is to get rid of AOL and pay for a REAL Internet Service Provider instead of some third-party wanna-be. AOL's pathetic attempt at security for their users is one of the very things that allows the unscrupulous to hijack phpbb boards and requires admins of phpbb forums to compromise theirs. (security) remain vigilant.
the "issue" doesn't lie with PHPBB. the problem is created by AOL.
phpBB2* uses sessions to keep track of users as they browse the board. These sessions use a combination of a unique session id and the users IP to identify each user. We* make use of the IP as an extra safe-guard to help prevent sessions being hijacked (by discovering the unique session id).
Unfortunately this only works when the users IP is constant as they browse the board. For most users this will be the case. However certain providers route their users via a cluster of proxys. In some cases, particularly AOL this results in different IPs being forwarded as the user moves between pages. We take account of this by not checking the entire IP but only the first "three quads". Again in most cases this will be fine. However again AOL uses IPs which can vary so much that checking only the first two quads results in a fairly static IP being available for session validation.
If you are experiencing problems related to this you can make a small change to the code. Please note that reducing the IP validation length does potentially increase the risk of sessions being hijacked (this is something for you to consider, phpBB Group takes no responsibility should anything happen!).
try this mole........
The change requires you to open the file sessions.php in the includes/ directory of the distribution. Find line 250, it contains the following
$ip_check_s = substr($userdata['session_ip'], 0, 6);
change this to:
$ip_check_s = substr($userdata['session_ip'], 0, 4);
You need to make exactly the same change to the number 6 in the next line. Save the file (and upload it if required). This should reduce or eliminate the problem noted.
the only way to solve the problem from the user end is to get rid of AOL and pay for a REAL Internet Service Provider instead of some third-party wanna-be. AOL's pathetic attempt at security for their users is one of the very things that allows the unscrupulous to hijack phpbb boards and requires admins of phpbb forums to compromise theirs. (security) remain vigilant.