[184125] in North American Network Operators' Group
Re: Question re session hijacking in dual stack environments w/MacOS
daemon@ATHENA.MIT.EDU (Brandon Butterworth)
Sat Sep 26 19:36:06 2015
X-Original-To: nanog@nanog.org
Date: Sun, 27 Sep 2015 00:35:05 +0100 (BST)
From: Brandon Butterworth <brandon@rd.bbc.co.uk>
To: nanog@nanog.org, dhubbard@dino.hostasaurus.com
Errors-To: nanog-bounces@nanog.org
> From: David Hubbard <dhubbard@dino.hostasaurus.com>
> Websites that require some type of authentication that is handled via
> session cookies have been booting our users out randomly with "your ip
> address has changed" type message.  This occurs when their Mac decides
> to switch between protocols because the site views it as a session
> hijacking attempt when Joe User with session ID xyz switches from
> 192.0.2.10 to 2001:db8::1:1:a or vice versa.
> 
> Has anyone run into this?
It's 1997 again? This used to be a common IPv4 problem for us as users
exited through a cluster of squid caches which could result in a
different address per request. Those sites eventually learnt after much
feedback not to assume on IPv4 address continuity.
brandon
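
The failure mode discussed in this thread, as an added example that is not part of the original messages: a session check that binds the cookie to the client address logs the user out when a dual-stack host switches protocol, while a check that relies on the session token alone and only records the address change does not. The `SessionStore` class, the `replay` helper and the request sequence are constructed for illustration; the two addresses are the documentation addresses quoted above.

```python
import ipaddress
import secrets


class SessionStore:
    """Toy in-memory session store (hypothetical, for illustration only)."""

    def __init__(self, bind_to_ip):
        self.bind_to_ip = bind_to_ip   # True = the behaviour the thread complains about
        self.sessions = {}             # session id -> {"user", "ip"}
        self.events = []               # address changes kept as an audit signal

    def login(self, user, client_ip):
        sid = secrets.token_urlsafe(32)  # unguessable token is the real credential
        self.sessions[sid] = {"user": user, "ip": ipaddress.ip_address(client_ip)}
        return sid

    def validate(self, sid, client_ip):
        rec = self.sessions.get(sid)
        if rec is None:
            return None
        ip = ipaddress.ip_address(client_ip)  # normalises textual forms
        if ip != rec["ip"]:
            if self.bind_to_ip:
                # Strict binding: any address change is treated as hijacking.
                del self.sessions[sid]
                return None
            # Relaxed: keep the session, record the change for later review.
            self.events.append((rec["user"], str(rec["ip"]), str(ip)))
            rec["ip"] = ip
        return rec["user"]


def replay(store, requests):
    """Log in from the first address, then validate every request in order."""
    sid = store.login("joe", requests[0])
    return [store.validate(sid, ip) for ip in requests]


# Constructed request sequence: a dual-stack client flipping between protocols.
REQUESTS = ["192.0.2.10", "2001:db8::1:1:a", "192.0.2.10"]

if __name__ == "__main__":
    for strict in (True, False):
        store = SessionStore(bind_to_ip=strict)
        print("bind_to_ip =", strict, "->", replay(store, REQUESTS), store.events)
```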