
admin getting logged out.

Open avi7611 opened this issue 5 years ago • 4 comments

I made an admin user, but when trying to edit a preexisting challenge or trying to go into the admin section after 1-2 minutes, I'm being redirected to the home page, and I'm getting logged out when I try to save changes. Any idea what could be messed up? I have no unusual activity in my Apache logs. PS: I tried to remove all users and then created a new admin user; the problem was solved, but now it's the same again after logging in 3-4 times.

avi7611 avatar Jan 25 '20 07:01 avi7611

Have you checked the admin exceptions log? If you can't access through the UI, then you can check the exceptions table in the database.

The only thing I can think of that might be logging you out is if your IP keeps changing. If the IP changes the login session will be invalidated.

Nakiami avatar Jan 26 '20 01:01 Nakiami

The exception log is empty, and my IP is stable and static. Can you tell me how to disable the IP management kicking-out feature, so that it doesn't kick me out of my session? I have a CTF at my university coming up this Tuesday.

avi7611 avatar Jan 26 '20 14:01 avi7611

An invalid cookie token was used. Cookie likely stolen. TS: 4R3p983+qrrKm1mF 2020-01-26 14:12:49 N/A 157.39.1*.**
#0 /var/www/mellivora/include/session.inc.php(72): login_session_create_from_login_cookie() #1 /var/www/mellivora/htdocs/home.php(5): login_session_refresh() #2 {main}

Well, I made a new user a moderator and this popped up in the exception logs. I used * to hide my IP in this comment.

avi7611 avatar Jan 26 '20 14:01 avi7611

Hm. That means your session has been closed and for some reason the content in your remember-me cookie or database have diverged. Have you been dropping the database manually?

Try resetting the cookie_tokens table. Then delete all your cookies set by mellivora.

I still think the root of the issue may be a varying IP. If it is, you could try to make the get_fingerprint() method in include/session.inc.php (https://github.com/Nakiami/mellivora/blob/master/include/session.inc.php#L379) return an empty string.

Nakiami avatar Jan 26 '20 21:01 Nakiami
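A minimal model of the two mechanisms discussed in this thread: a session fingerprint that includes the client IP, and a rotating remember-me token whose cookie copy can diverge from the database copy. This is an added example, not mellivora's code; the function names, the SHA-256 hashing, the series/token layout and the rotate-on-use behaviour are assumptions made for illustration.

```php
<?php
// Illustrative model; hypothetical names, not mellivora's code.

// Session fingerprint. With $bindIp = false the client IP is left out.
function fingerprint(string $ip, string $ua, bool $bindIp = true): string {
    return hash('sha256', ($bindIp ? $ip : '') . '|' . $ua);
}

// Issue (or rotate) a remember-me token; only its hash is stored server-side.
function issue_token(array &$db, int $userId, ?string $series = null): array {
    $series = $series ?? bin2hex(random_bytes(8));
    $token = bin2hex(random_bytes(16));
    $db[$series] = ['user' => $userId, 'hash' => hash('sha256', $token)];
    return ['series' => $series, 'token' => $token];
}

// Returns [status, replacement cookie or null].
function login_from_cookie(array &$db, array $cookie): array {
    if (!isset($db[$cookie['series']])) {
        return ['unknown_series', null];   // e.g. token table was reset
    }
    $row = $db[$cookie['series']];
    if (!hash_equals($row['hash'], hash('sha256', $cookie['token']))) {
        unset($db[$cookie['series']]);     // known series, stale token
        return ['token_mismatch', null];
    }
    return ['ok', issue_token($db, $row['user'], $cookie['series'])];
}

// Constructed scenario (documentation-range IPs, made-up user agent).
$db = [];
$ua = 'ExampleBrowser/1.0';
$cookie = issue_token($db, 1);

$bound = fingerprint('198.51.100.7', $ua);
$unbound = fingerprint('198.51.100.7', $ua, false);
echo 'IP-bound session after IP change: ',
    hash_equals($bound, fingerprint('198.51.100.99', $ua)) ? 'valid' : 'invalidated', "\n";
echo 'Unbound session after IP change:  ',
    hash_equals($unbound, fingerprint('198.51.100.99', $ua, false)) ? 'valid' : 'invalidated', "\n";

[$first, $fresh] = login_from_cookie($db, $cookie);  // browser gets $fresh
[$replay] = login_from_cookie($db, $cookie);          // pre-rotation cookie sent again
[$after] = login_from_cookie($db, $fresh);            // series was revoked above
echo "first use: $first\nold cookie reused: $replay\nfresh cookie afterwards: $after\n";
```

In this model a pre-rotation cookie reaching the server, for instance from a second browser profile or a request that raced the rotation, takes the `token_mismatch` branch with no attacker involved. Leaving the IP out of the fingerprint keeps sessions alive across address changes, at the cost of no longer tying a session to the address it was created from.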