Symptoms
Clients routinely get logged out of cPanel, WHM, or Webmail interfaces, with messages similar to the following found in the session_log and login_log log files:
CONFIG_TEXT: info [cpaneld] 192.0.0.2 PURGE cpuser:0bbLUzVJOnFpdK5S badpass [cookie ip check: IP address has changed: IP Address [192.0.0.1] != Current IP Address [192.0.0.2]]
info [cpaneld] 192.0.0.2 PURGE cpuser:0bbLUzVJOnFpdK5S badpass [cookie ip check: IP address has changed: IP Address [192.0.0.1] != Current IP Address [192.0.0.2]]
Cause
By default, cPanel ensures that the connecting IP matches what is stored in the login session's cookie. If the IP address changes after a login session is created, then the user must re-authenticate in order to proceed. A client's IP address change can occur for various reasons, such as the user being on a shared network, or using some proxies when connecting to cPanel.
Resolution
To resolve this, the Cookie IP validation option can be made less strict, or be disabled.
- Log into WHM as the
rootuser. - Navigate to Home / Server Configuration / Tweak Settings
- Click the Security tab.
-
Change the Cookie IP validation value to "loose" or "disabled" as required.
- strict (default) - Requires the current IP address and the cookie IP address to exactly match.
- loose - Requires the IPs are in the same /24 netblock.
- disabled - Disables Cookie IP validation.
- Click the Save button at the bottom of the page.
Comments
0 comments
Article is closed for comments.