Invalid session / dynamic IP-switching proxy

Gus,
I can’t post anything on Forumosa from my office PC, and this is a problem that probably affects other users to a greater or lesser extent. I did a bit of investigating and this is what i found:

People who access the Internet through a dynamic IP-switching proxy can’t post anything on Forumosa. The IP-switching gives the user enhanced security against hackers, but because their IP changes with each page they load on their browser, secure transactions with a server that monitors their IP will fail.
And so it is with the Forumosa site. Let’s say I’m browsing a forum from the IP address 190.160.10.10, and I’m issued a session ID based on that IP address. I click “Post Reply” and the “Post a reply” page loads fine - but it loaded to a new IP address (say 190.160.10.20) because the proxy switched my IP with the new page request. Now, I can fill text in the reply box, and hit “Preview” or “Submit” … but I’ll get the “Invalid session” error. This is because the server tries to match my new IP to the old Session ID (based on the old IP) and it failed.
The thing is that for 99% of Internet activities, having your IP switched by the proxy won’t matter. The user won’t even notice. But if (like the Forumosa site) the software security authenticates your activities by IP address, you’re going to be buggered if your IP dynamically switches.

I do realize that authenticating transactions by Session ID/IP address provides the Forumosa site with additional security … but users can’t change the proxy settings of their ISP. Is there any way around this problem? Is it possible for you to change the security settings for individual members or is there just one phpBB security setting that affects all users?

monkey,

I did see this the other day and it’s on my to-do list. But thank you for bringing this back to my attention

I have to admit that with not one, but two new releases of this forum system, I’ve started wondering when (if ever) another upgrade of these forums should occur. Of course, this would break my promise to never upgrade again. (Incidentally, www.taiwanho.com has upgraded to 2.0.5 and they are reporting mixed results performance-wise)

In the next few weeks, I will read-up on the merits of phpBB v. 2.0.5 and 2.2. How they handle proxies is primarily what I’m looking for.

Invalid_sessions are indeed a known problem (bug?) for phpBB – although I will confess that in the two primary configurations that I’ve been using to connect here these days, I have not encountered problems. (Of course, this isn’t to say that I don’t consider this a major issue. Enough long-term members have complained here that ignoring it is ridiculous)

ttfn.