Access Policies

Hello All,

We have been using ZERO Trust from Cloudflare for a few months and it’s been really helpful during development phase where we do not want to expose our domain to the outside world. Something strange happened though in the last few days. When I visit the site (after clearing my cache) I get prompted for the OTP. The OTP is received via email. I type the OTP into the browser or click on teh link and then i get an error message from Cloudflare “Invalid Login Session” and I cannot access the site. The strange thing is when I go to the Logs on Cloudflare site it says access was granted, but what is super strange is that my country is incorrectly logged as an EU country. A few recurring attempts from my side results in the same behaviour and the logs keep changing my source country.

Has anyone seen this before?

Hello Community,

Keen to know whether someone has seen this type of behaviour before. Something else to add, the issue was not isolated to only my access, the same happened to two other members in different geographical areas of the world.

Hoping for some positive feedback. Thanks

I’ve been using Cloudflare access to protect a Cloudflare pages site via OTP login, but I recently started seeing the same “Invalid Login Session” issue.

In my case, the country in the access logs is correct, but the IP address on all unsuccessful attempts are random / incorrect. In the rare instances where the session goes through cleanly, the source IP address is always correct. I am not using a VPN or any service that would obfuscate my source IP address.

I’ve asked other users in my organization to try it and they get similar results, so it’s not specific to a particular account, nor to a specific site, as I’ve run into this on multiple sites that had previously been working and that had not been modified since it stopped working.