bernhard Posted August 31, 2015 Posted August 31, 2015 i have a new mobile phone (android 4.4.2 + chrome 44.0.2403.133) and got some problems with some of my websites - but not all of them! logs say User 'admin' - Error: Session fingerprint changed (IP address or useragent) (IP: xx.xxx.xx.xxx) changing $config->sessionFingerprint to "8" (only useragent) solves the problem, but i'm not sure if that's the best solution... does this open any security holes? what is also strange is that there is one website where everything works fine. it's the only website with "session handler database" module installed so i thought this was the issue, but installing this module on another site led to "this ... appears to be forged", so i had to set fingerprint to 8 again. any insights would be very welcome, thank you
Adam Kiss Posted September 3, 2015 Posted September 3, 2015 I had something like this happen once. Somehow the wire cookie was empty, but existing — so it wasn't set to real cookie, but also wasn't working. Try clearing your cookies
bernhard Posted November 20, 2015 Author Posted November 20, 2015 i still have this problem on all my installations with my "new" mobile phone. any insights how "dangerous" a change to "8" is?
Soma Posted November 20, 2015 Posted November 20, 2015 There are no alternatives afaik. Fingerprint is sometimes too much security and creates more problems than it solves. 2
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now