You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
One issue I see from time to time with organization users (e.g. a university or hospital Wi-Fi) is a changing IP address for users as they browse and load pages. The whole IP doesn't change, just the last group of 3 digits as that's the IP range assigned to the organization. For example, as a user browses their IP changes from 111.222.333.444 to 111.222.333.555 to 111.222.333.666, etc. This behavior causes the CSRF validation to fail, since the codes are based on $_SERVER['REMOTE_ADDR'] (see EasyCSRF.php function referralHash).
It would be helpful to be able to use a partial user ip from $_SERVER['REMOTE_ADDR'], rather than the whole ip, for these use cases.
The text was updated successfully, but these errors were encountered:
One issue I see from time to time with organization users (e.g. a university or hospital Wi-Fi) is a changing IP address for users as they browse and load pages. The whole IP doesn't change, just the last group of 3 digits as that's the IP range assigned to the organization. For example, as a user browses their IP changes from 111.222.333.444 to 111.222.333.555 to 111.222.333.666, etc. This behavior causes the CSRF validation to fail, since the codes are based on $_SERVER['REMOTE_ADDR'] (see EasyCSRF.php function referralHash).
It would be helpful to be able to use a partial user ip from $_SERVER['REMOTE_ADDR'], rather than the whole ip, for these use cases.
The text was updated successfully, but these errors were encountered: