Invalidating Sessions

Since setting up my sites with Cloudflare, a handful of them can’t seem to keep a session alive. We’re using the concrete5 CMS platform, and after logging in to the platform the session immediately gets invalidated. Has anyone else had this issue?

The issue persists if I switch to development mode.

Dev Mode is pretty much just for caching, and some performance settings.

Could it be related to WebSockets?
https://support.cloudflare.com/hc/en-us/articles/200169466-Can-I-use-Cloudflare-with-WebSockets-

Not sure, is that something I’d have to set up? It looks like Cloudflare automatically sets it up?

I think it’s On by default. It’s in the Network section of the Cloudflare dashboard.

What's the URL, and would you have a test account?

Login :: MYRIAD CREATIVE login url
test account: test
test password: newpassword

I was able to log in after pausing Cloudflare, so it appears that the issue is related to CF.

The login works, however I can confirm that it seems to log you out after a few clicks. I somewhat doubt that this is Cloudflare related.

I presume your server IP no longer ends in 127, right? Can you post a screenshot of your DNS records, with IP addresses redacted?

Alternatively, could your session system be based on the client IP address, which invalidates the session should the address change? If you are not rewriting IP addresses, that could be the case when the proxy address might change for a request.

Are you rewriting IP addresses on your server? If not → https://support.cloudflare.com/hc/en-us/articles/200170706-How-do-I-restore-original-visitor-IP-with-Nginx-

All right, one of each in this case and not a round-robin setup. You can remove the posting with the screenshot at this point.

My guess now would be some IP-based session system. Are you rewriting IP addresses as mentioned earlier?

Thanks for the response! I’m going to look into the IP session option. Thanks!
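
The IP-bound session theory raised in this thread, sketched as an added example (not posted by anyone in the thread, and not concrete5 or Cloudflare code). It replays one visitor's requests arriving through two different proxy addresses, first with the session bound to the peer address and then with the visitor address restored from `CF-Connecting-IP`. The proxy range, addresses and all function names are constructed for illustration.

```python
import ipaddress

# Constructed stand-in for the proxy's published ranges (assumption);
# load the provider's current list in a real deployment.
TRUSTED_PROXIES = [ipaddress.ip_network("198.51.100.0/24")]

def peer_ip(remote_addr, headers):
    """Unrestored case: the app only sees the proxy's address."""
    return remote_addr

def visitor_ip(remote_addr, headers):
    """Restored case: trust CF-Connecting-IP only from a known proxy."""
    peer = ipaddress.ip_address(remote_addr)
    forwarded = headers.get("CF-Connecting-IP")
    # From any other peer the header is attacker-controlled and would let
    # a client pick the address its session is checked against.
    if forwarded and any(peer in net for net in TRUSTED_PROXIES):
        try:
            return str(ipaddress.ip_address(forwarded.strip()))
        except ValueError:
            pass  # malformed header: fall back to the peer address
    return str(peer)

class IpBoundSessions:
    """Toy store that drops a session when its bound IP changes."""
    def __init__(self, resolve):
        self.resolve = resolve
        self.bound = {}

    def login(self, sid, remote_addr, headers):
        self.bound[sid] = self.resolve(remote_addr, headers)

    def check(self, sid, remote_addr, headers):
        if self.bound.get(sid) != self.resolve(remote_addr, headers):
            self.bound.pop(sid, None)  # invalidated: user is logged out
            return False
        return True

def replay(resolve, requests):
    """Log in on the first request, validate the session on the rest."""
    store = IpBoundSessions(resolve)
    store.login("s1", *requests[0])
    return [store.check("s1", addr, hdrs) for addr, hdrs in requests[1:]]

# Constructed traffic: one visitor whose requests arrive via two proxy nodes.
VISITOR = {"CF-Connecting-IP": "203.0.113.7"}
REQUESTS = [("198.51.100.10", VISITOR), ("198.51.100.10", VISITOR),
            ("198.51.100.77", VISITOR)]
```

With `peer_ip` the session survives until a request arrives from a different proxy address and is then dropped; with `visitor_ip` it stays valid because the bound address is the visitor's own.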