cPanel & WHM Version 92 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!

IPv6 & IPv4 cookie validation

zstergios shared this idea 17 months ago
Open Discussion

As a System Administrator, I would like cPanel to be able to monitor and detect IP changes between IPv4 and IPv6 so that users will not be logged out automatically when their IP is changed dynamically.


====================

Most routers (& ISPs) nowadays support both IPv4 and IPv6.

Some of my clients reported me that they are facing login issues (immediately logout) or they auto-logout to soon. (after a while)

cPanel and Webmail auto-logout very often because client IP is changed dynamically!


This is happening because randomly IPv4/6 is forwarded as client IP.

A client may log in with IPv4 and after a while the client IP that forwards to browser to be the IPv6!

This issue has to be solved before IPV6 support became mainstream to all servers.


Some solutions/suggestion

1) If a logged user with IPv4 comes up with IPv6 update the cookie with the IPv6 and the opposite.

So client logins with IP 10.10.10.10 and IPv6 are unknown, if has successful login and IPv6 detected (using same user agent and session-id), add the "IPv6 cookie"

2) Ajax request that monitors the client IP, if IP is changed from IPv4 to IPv6 (or the opposite) prevent logout

In other words, should be created a unique pair of valid IPv4 and IPv6

Some sites like whatismyipaddress.com can detect both IPs.

cPanel can do that too!


A temporary and bad solution is to turn off the IP validation Cookie.

PS: Loose option does not solve the issue