Why is there another problem again?
Now after logging in it writes me this error. How do we solve it?
I have a static IP, and I use Cloudflare on every website.
{"error_message": "Session reuse detected, IPAddress logged.", "errorMessage": "Session reuse detected, IPAddress logged."}
I have the same issue too.
same issue
With cloudflare on admin panel I get the same. Please help asap
I encountered the same issue and was able to resolve it by following a tutorial from Arworld, which Iāve adapted to make it easier. The issue arises because CyberPanel detects an IP address change during a session, which leads to an automatic logout. If youāre using Cloudflare or another proxy, this can happen frequently due to IP address changes.
You can find Arworldās original tutorial here: Fixing Error Message Session Reuse Detected IP Address Logged.
Hereās an updated guide to resolve the issue by replacing all instances of (request) with 'True-Client-IP':
Create a backup of the file to avoid data loss:
cp /usr/local/CyberCP/CyberCP/secMiddleware.py /usr/local/CyberCP/CyberCP/secMiddleware.py.bak
Open the secMiddleware.py file with nano for editing:
nano /usr/local/CyberCP/CyberCP/secMiddleware.py
Replace all occurrences of (request) with 'True-Client-IP' in the IP check code by using the code below exactly as presented:
try:
uID = request.session['userID']
admin = Administrator.objects.get(pk=uID)
ipAddr = request.META.get('True-Client-IP') # Use 'True-Client-IP' for Cloudflare
if ipAddr.find('.') > -1:
if request.session['ipAddr'] == ipAddr or admin.securityLevel == secMiddleware.LOW:
pass
else:
del request.session['userID']
del request.session['ipAddr']
logging.writeToFile(request.META.get('True-Client-IP'))
final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
"errorMessage": "Session reuse detected, IPAddress logged."}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
else:
ipAddr = request.META.get('True-Client-IP').split(':')[:3]
if request.session['ipAddr'] == ipAddr or admin.securityLevel == secMiddleware.LOW:
pass
else:
del request.session['userID']
del request.session['ipAddr']
logging.writeToFile(request.META.get('True-Client-IP'))
final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
"errorMessage": "Session reuse detected, IPAddress logged."}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
except:
pass
Save and close nano:
Ctrl + O to save.Enter to confirm.Ctrl + X to exit.To apply the changes, restart the CyberPanel service with this command:
systemctl restart lscpd
Go back to your browser, log into CyberPanel again, and check if the IP session reuse error is resolved.
By following this tutorial, youāve adjusted the IP check so that CyberPanel recognizes the userās real IP address, even if youāre using a proxy service like Cloudflare. This should resolve the unexpected logout issue without compromising security.
Note: Keep a record of these changes for future CyberPanel updates.
Hope this helps!
Easiest fix: Dont your cloudflare DomainName/IP to access Admin panel, instead use the direct IP of your server
I use Cloudflare with the proxy enabled for the panel accessible from the web and having made the replacement only for the part indicated above, for me everything works correctly, you must surely have a problem elsewhere
I also use Cloudflare with proxy set up, i.e. without Cloudlfare the access works without port 8090. I have changed the code part, but also get an error 500.
Had you seen that the secMiddleware.py file was updated two days ago? Do you have the full code for us?
Below is the updated file with True-Client-IP changes.
try:
uID = request.session['userID']
admin = Administrator.objects.get(pk=uID)
ipAddr = secMiddleware.get_client_ip('True-Client-IP')
if ipAddr.find('.') > -1:
if request.session['ipAddr'] == ipAddr or admin.securityLevel == secMiddleware.LOW:
pass
else:
del request.session['userID']
del request.session['ipAddr']
logging.writeToFile(secMiddleware.get_client_ip('True-Client-IP'))
final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
"errorMessage": "Session reuse detected, IPAddress logged."}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
else:
ipAddr = secMiddleware.get_client_ip('True-Client-IP').split(':')[:3]
if request.session['ipAddr'] == ipAddr or admin.securityLevel == secMiddleware.LOW:
pass
else:
del request.session['userID']
del request.session['ipAddr']
logging.writeToFile(secMiddleware.get_client_ip('True-Client-IP'))
final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
"errorMessage": "Session reuse detected, IPAddress logged."}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
except:
pass
Thank you very much I fixed my problem with your code
You can try my method, it will fix this problem, but donāt update, if you update it needs to be re-fixed, I have submitted a pull.
Your solution works.
Good morning,
with all due respect, this really doesnāt solve anything. Changing control panel files makes no sense at all! Especially considering the high frequency of updates released by developers.
Is this a compatibility problem with Cloudflare? Is it sufficient to change the global variable used in the secMiddleware.py file?
Very well then, the developers will work on it and insert a checkbox or something similar within the panel to signal that Cloudflare is being used and thus the behaviour in the code of the file is changed. Or they will find a way to detect the presence of the clodflare proxy and thus, again, change the behaviour of the file.
There is NO way that users would regularly have to modify a panel file to compensate for such a problem.
In fact, you are right!
Can this change be made to the actual code, so that each person doesnt have to do this on every update?
Ive created a Github issue for it, but it would be far easier for usman/the team to implement the change
[BUG] Session reuse detected Ā· Issue #1371 Ā· usmannasir/cyberpanel
This topic was automatically closed 3 hours after the last reply. New replies are no longer allowed.