Session reuse detected

I encountered the same issue and was able to resolve it by following a tutorial from Arworld, which I’ve adapted to make it easier. The issue arises because CyberPanel detects an IP address change during a session, which leads to an automatic logout. If you’re using Cloudflare or another proxy, this can happen frequently due to IP address changes.

You can find Arworld’s original tutorial here: Fixing Error Message Session Reuse Detected IP Address Logged.

Here’s an updated guide to resolve the issue by replacing all instances of (request) with 'True-Client-IP':

Resolving IP Session Reuse Error in CyberPanel

Step 1: Access the Server via SSH

1. Log into your server via SSH with root privileges.

Step 2: Backup and Edit the IP Check File

1. Create a backup of the file to avoid data loss:

   cp /usr/local/CyberCP/CyberCP/secMiddleware.py /usr/local/CyberCP/CyberCP/secMiddleware.py.bak
   

2. Open the secMiddleware.py file with nano for editing:

   nano /usr/local/CyberCP/CyberCP/secMiddleware.py
   

3. Replace all occurrences of (request) with 'True-Client-IP' in the IP check code by using the code below exactly as presented:

   try:
       uID = request.session['userID']
       admin = Administrator.objects.get(pk=uID)
       ipAddr = request.META.get('True-Client-IP')  # Use 'True-Client-IP' for Cloudflare
   
       if ipAddr.find('.') > -1:
           if request.session['ipAddr'] == ipAddr or admin.securityLevel == secMiddleware.LOW:
               pass
           else:
               del request.session['userID']
               del request.session['ipAddr']
               logging.writeToFile(request.META.get('True-Client-IP'))
               final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
                            "errorMessage": "Session reuse detected, IPAddress logged."}
               final_json = json.dumps(final_dic)
               return HttpResponse(final_json)
       else:
           ipAddr = request.META.get('True-Client-IP').split(':')[:3]
   
           if request.session['ipAddr'] == ipAddr or admin.securityLevel == secMiddleware.LOW:
               pass
           else:
               del request.session['userID']
               del request.session['ipAddr']
               logging.writeToFile(request.META.get('True-Client-IP'))
               final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
                            "errorMessage": "Session reuse detected, IPAddress logged."}
               final_json = json.dumps(final_dic)
               return HttpResponse(final_json)
   except:
       pass
   

4. Save and close nano:

   • Press Ctrl + O to save.
   • Press Enter to confirm.
   • Then, press Ctrl + X to exit.

Step 3: Restart CyberPanel Service

To apply the changes, restart the CyberPanel service with this command:

systemctl restart lscpd

Step 4: Test the Connection

Go back to your browser, log into CyberPanel again, and check if the IP session reuse error is resolved.

Conclusion

By following this tutorial, you’ve adjusted the IP check so that CyberPanel recognizes the user’s real IP address, even if you’re using a proxy service like Cloudflare. This should resolve the unexpected logout issue without compromising security.

Note: Keep a record of these changes for future CyberPanel updates.

Hope this helps!