Jump to content

this request was aborted because it appears to be forged - but only for one user


Klenkes
 Share

Recommended Posts

I always thought this is a problem that only other people have...

An unhappy Wordpress user asked me to replicate everything in ProcessWire and I was happy.
Today was the day it went online and he gets logged out after a few minutes. Not me. Only him!
I read a lot of forum posts. They almost all deal with permissions and loggouts for all users. But in this case it's only him!

Since he used Edge to edit the old WP site, I told him to change to Firefox but not much change. Session seems to last longer... but I'm afraid that's only wishful thinking on my side.

It can't be serverside because it works fine for me since the last three weeks.

In config.php I always set $config->sessionFingerprint = 0;

I am out of ideas... (and coffee)

Link to comment
Share on other sites

Only ideas so far... based on some experiences in the past ...

  • VPN or internal routing issues
  • Adblocking, Privacy Extensions messing with cookies, IP, Browser string
  • Cloudflare CDN (website) and Cloudflare DNS (client) don't work well together
  • Cloudflare CDN caching issue (page rule needed to exclude PW-backend)
  • Using the site with developer tools / device preview enabled
  • IPv4/IPv6 issues either on client or server side
  • AntiVirus or Internet Security software

Check the PW logs (maybe even the server logs) to see what was happening when the client was trying to use the site just to get a clue. Something like:
Error: Session fingerprint changed (IP address or useragent) (IP: 127.0.0.1)

 

I had one client that used Opera with the built-in VPN. Took us quite some time to find this out as we both didn't know it even existed or was enabled. After disabling it the problem never occured again.

  • Like 1
Link to comment
Share on other sites

@wbmnfktr Thanks for the pointers!

The hoster is All-Inkl. in Germany, so no fancy cloud service.

PW logs don't say much, just: this request was aborted because it appears to be forged

Unfortunately the client doesn't live nearby, so no chance of dropping by and checking myself. At some point he will get frustrated and eventually agrees to use some sort of Teamviewer with me.

My gut feeling says inhouse routing, AntiVirus program or VPN, but my guts are old now...

  • Like 1
Link to comment
Share on other sites

3 minutes ago, Davis Harrison Dion said:

Does anything in this post help? I had this issue a while back and it was related to some sort of session data not getting written or served correctly...IIRC

Unfortunately not. The thing is that it works just perfectly for me, but not the client in his home.

I will check on other machines and browsers tomorrow, but I think it's an issue with the clients setup.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...