Session drop / kick out / logout problem


We are new to Cloudflare and hope someone could help.

So, we have a website that runs on Bitrix CMS.
After setting up Cloudflare, admins and content managers of the website started experiencing unwanted behaviour with sessions. For example, after logging in, you can see the admin panel on the main page.

However, as soon as you visit another page, this admin panel no longer shows, because for some reason you are no longer logged in!

Another case is when you are in /bitrix/admin/ (which has a rule excluding it from cache): you can visit other admin pages. However, waiting for only about a minute without visiting a page also logs you out.

Session time is actually 15 minutes. And it works well without Cloudflare.

Any ideas how to fix this?

P.S. In Bitrix CMS, sessions are bound to one IP address, so if your IP address changes, you are automatically no longer logged in. Perhaps this has something to do with this issue.

How did you fix this?
We have another CRM, Bitrix. It also has IP binding for one session. If your IP changes, you are automatically logged out.

Any advice? Thanks!

I’ve a slightly different setup since I am using Railgun, which is designed in such a way that the first request hits with a Cloudflare IP. Once the Railgun connection is initiated, it changes to the private IP of my Railgun server.
The only way to get around this in Plesk was to disable those bindings. No issue in combination with Zone Lockdown.

But if you restore the visitor IP on your server, you should be fine.

Careful with Option 1. mod_cloudflare is deprecated and might no longer work on Debian >8 or Ubuntu >17.09. Use Apache’s mod_remoteip instead.


Wow! Thanks a lot!
Will try to figure which one will work with our server.

Ok, thanks to the link & info that @MarkMeyer provided, the solution found was much simpler and it doesn’t involve server-related tasks.

Since Bitrix runs on PHP and due to the fact that Cloudflare stores user IPs in $_SERVER['HTTP_CF_CONNECTING_IP'], the solution is like this:

Open /bitrix/php_interface/dbconn.php and add
at the end of the file, before ?>

Works like a charm)


Just for the sake of good order and clarification. This is rather a quick hack than a proper solution.

What you are doing is simply overwriting the default value containing the IP address with the custom header provided by Cloudflare. This might fix the particular issue you experienced, but still doesn’t fix it on a server level (e.g. logging, authentication, authorisation, etc.) and now you actually have a split dataset (your server won’t agree with your PHP code).

The only proper solution is - as @MarkMeyer mentioned - to rewrite the IP address on a server level, in Apache’s case using mod_remoteip. If that is not possible, your approach might be the only available one, but you should be aware of the potential issues.
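
The PHP-level override discussed in this thread, written so that the header is honoured only when the connection really arrives from a proxy you trust; this is an added example, not code from any poster or from Bitrix. `TRUSTED_PROXIES`, `ip_in_cidr` and `client_ip` are hypothetical names, and the ranges are placeholder documentation networks standing in for the edge ranges Cloudflare publishes.

```php
<?php
// Placeholder ranges (documentation networks, constructed for this example).
// In production, load the edge ranges Cloudflare publishes instead.
const TRUSTED_PROXIES = ['192.0.2.0/24', '2001:db8::/32'];

// True if $ip lies inside $cidr. Works for IPv4 and IPv6 on packed bytes.
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable input, or IPv4 compared against IPv6
    }
    $max  = strlen($ipBin) * 8;
    $bits = $bits === null ? $max : (int) $bits;
    if ($bits < 0 || $bits > $max) {
        return false;
    }
    $bytes = intdiv($bits, 8);
    if (substr($ipBin, 0, $bytes) !== substr($netBin, 0, $bytes)) {
        return false; // whole-byte part of the prefix differs
    }
    $rem = $bits % 8;
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF; // leftover high bits of the next byte
    return (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask);
}

// Address the application should treat as the client for this request.
function client_ip(array $server): string
{
    $peer   = $server['REMOTE_ADDR'] ?? '';
    $header = $server['HTTP_CF_CONNECTING_IP'] ?? '';
    foreach (TRUSTED_PROXIES as $cidr) {
        if (ip_in_cidr($peer, $cidr)) {
            // Peer is a trusted proxy: accept the header only if it parses as an IP.
            return filter_var($header, FILTER_VALIDATE_IP) !== false ? $header : $peer;
        }
    }
    return $peer; // direct connection: the header is client-controlled, ignore it
}

// Constructed sample requests: one through the proxy, one hitting the origin directly.
$viaProxy = ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_CF_CONNECTING_IP' => '203.0.113.7'];
$direct   = ['REMOTE_ADDR' => '198.51.100.5', 'HTTP_CF_CONNECTING_IP' => '203.0.113.7'];
var_dump(client_ip($viaProxy), client_ip($direct));
```

With IP-bound sessions, an unconditional override lets any client that reaches the origin directly choose the address its session is bound to, which is why the peer check comes first. In the thread's setup the assignment would be `$_SERVER['REMOTE_ADDR'] = client_ip($_SERVER);` in `/bitrix/php_interface/dbconn.php`.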

