Authme sessions and BungeeCord are completely not working. #69


  • New
  • Defect
Open
Assigned to _ForgeUser7462391
  • _ForgeUser7200752 created this issue Sep 30, 2013

    What steps will reproduce the problem?
    1. Install Authme on a server with BungeeCord
    2. Try to set Sessions so that users don't need to log in whenever they switch server.
    3. Log out as owner.
    4. Someone else logs in as owner without password being asked.
    5. Server is completely ruined.

    What is the expected output? What do you see instead?
    I expect Authme to destroy session on IP change, as I have set it in the config

    What version of the product are you using?
    Tried multiple, same problem until latest version as of today (30-09)

    Do you have an error log of what happened?(Server console output)
    There are no errors, it just doesn't secure anything.

    Please provide any additional information below.(config.yml)
    DataSource:
      mySQLColumnName: username
      mySQLTablename: authme
      mySQLUsername: *****
      backend: mysql
      mySQLColumnLastLogin: lastlogin
      mySQLDatabase: *****
      mySQLPort: '3306'
      mySQLColumnIp: ip
      mySQLHost: 127.0.0.1
      mySQLColumnPassword: password
      mySQLPassword: *****
      caching: true
      mySQLlastlocX: x
      mySQLlastlocY: y
      mySQLlastlocZ: z
      mySQLlastlocWorld: world
      mySQLColumnEmail: email
      mySQLColumnId: id
    GroupOptions:
      UnregisteredPlayerGroup: ''
      RegisteredPlayerGroup: ''
      Permissions:
        PermissionsOnJoin: []
    settings:
      sessions:
        enabled: true   timeout: 240
        sessionExpireOnIpChange: true
      restrictions:
        allowChat: false
        allowCommands:
        - /login
        - /register
        - /l
        - /reg
        - /passpartu
        - /email
        - /captcha
        maxRegPerIp: 1
        maxNicknameLength: 20
        ForceSingleSession: true
        ForceSpawnLocOnJoinEnabled: false
        SaveQuitLocation: false
        AllowRestrictedUser: false
        AllowedRestrictedUser: []
        kickNonRegistered: false
        kickOnWrongPassword: false
        teleportUnAuthedToSpawn: true
        minNicknameLength: 3
        allowMovement: false
        timeout: 30
        allowedNicknameCharacters: '[a-zA-Z0-9_?]*'
        allowedMovementRadius: 100
        enablePasswordVerifier: true
        ProtectInventoryBeforeLogIn: true
        displayOtherAccounts: true
        ForceSpawnOnTheseWorlds:
        - world
        - world_nether
        - world_the_end
        banUnsafedIP: false
      GameMode:
        ForceSurvivalMode: false
        ResetInventoryIfCreative: false
        ForceOnlyAfterLogin: false
      security:
        minPasswordLength: 4
        unLoggedinGroup: unLoggedinGroup
        passwordHash: XAUTH
        doubleMD5SaltLength: 8
      registration:
        enabled: true
        messageInterval: 5
        force: true
        enableEmailRegistrationSystem: false
        doubleEmailCheck: false
      unrestrictions:
        UnrestrictedName: []
      messagesLanguage: en
    ExternalBoardOptions:
      mySQLColumnSalt: ''
      mySQLColumnGroup: ''
      nonActivedUserGroup: -1
      mySQLOtherUsernameColumns: []
      bCryptLog2Round: 10
    Xenoforo:
      predefinedSalt: ''
    permission:
      EnablePermissionCheck: false
    BackupSystem:
      ActivateBackup: false
      OnServerStart: false
      OnServerStop: true
      MysqlWindowsPath: C:\\Program Files\\MySQL\\MySQL Server 5.1\\
    Passpartu:
      enablePasspartu: false
    Security:
      SQLProblem:
        stopServer: true
      ReloadCommand:
        useReloadCommandSupport: true
      console:
        noConsoleSpam: false
        removePassword: true
        logConsole: false
      captcha:
        useCaptcha: false
        maxLoginTry: 5
        captchaLength: 5
    Converter:
      Rakamak:
        fileName: users.rak
        useIP: false
        ipFileName: UsersIp.rak
        newPasswordHash: SHA256
    Email:
      mailSMTP: smtp.gmail.com
      mailPort: 465
      mailAccount: ''
      mailPassword: ''
      mailSenderName: ''
      RecoveryPasswordLength: 8
      mailSubject: Your new AuthMe Password
      maxRegPerEmail: 1
      mailText: 'Dear <playername>, <br /><br /> This is your new AuthMe password for
        the server <br /><br /> <servername> : <br /><br /> <generatedpass><br /><br />Do
        not forget to change password after login! <br /> /changepassword <generatedpass>
        newPassword'
    Hooks:
      multiverse: true
      chestshop: true
      bungeecord: true
      notifications: true
      disableSocialSpy: true
      useEssentialsMotd: false
    Performances:
      useMultiThreading: false

    Does anybody have a solution to this problem? I would be really happy! I currently have disabled the /server command and turned sessions off, removed Authme from all my servers except the lobby, but this is no solution to the problem as now /server doesn't work, which I encourage my players to use all the time.

  • _ForgeUser7200752 added the tags New Defect Sep 30, 2013
  • _ForgeUser7479931 posted a comment Sep 30, 2013

    it should be:

    settings:
      sessions:
        enabled: true   
        timeout: 240
        sessionExpireOnIpChange: true
      restrictions:
        allowChat: false
        allowCommands:
    

    Notice where "timeout: 240" is now; you left it on the wrong line :)

    It happens. Please post here if you fix it, because I'm really interested in whether that broke it.

    Cheers :)


    Edited Sep 30, 2013
  • _ForgeUser7200752 posted a comment Oct 7, 2013

    I wish you were right. It wasn't like this in the real config file; it seems to have been a mistake from pasting it in Notepad.

    What I used as a solution is the following: I removed Authme from all my servers except the lobby, disabled the /server command and any form of sessions. Now it's secure :) I still hope this gets fixed soon though; if you have any other ideas please let me know.


    Edited Oct 7, 2013
  • _ForgeUser7479931 posted a comment Oct 15, 2013

    Ohh, I'm so sorry :( I hope it was really the problem there, I wish it was actually :)

    Well, what to say, I'm using:

    settings:
      sessions:
        enabled: false
    

    AND THAT WORKS!

    No session, no nada, please type your password again - period!

    I know it's a bit annoying, but but but... no way sessions, thank you :)

