What steps will reproduce the problem?
1. Install Authme on a server with BungeeCord
2. Try to set Sessions so that users don't need to login whenever they switch server.
3. Log out as owner.
4. Someone else logs in as owner without password being asked.
5. Server is completely ruined.
What is the expected output? What do you see instead?
I expect Authme to destroy session on ip change, as I have set it in the config
What version of the product are you using?
Tried multiple, same problem until latest version as of today (30-09)
Do you have an error log of what happened?(Server console output)
There are no errors, it just doesn't secure anything.
Please provide any additional information below.(config.yml)
DataSource: mySQLColumnName: username mySQLTablename: authme mySQLUsername: ***** backend: mysql mySQLColumnLastLogin: lastlogin mySQLDatabase: ***** mySQLPort: '3306' mySQLColumnIp: ip mySQLHost: 127.0.0.1 mySQLColumnPassword: password mySQLPassword: ***** caching: true mySQLlastlocX: x mySQLlastlocY: y mySQLlastlocZ: z mySQLlastlocWorld: world mySQLColumnEmail: email mySQLColumnId: id
GroupOptions: UnregisteredPlayerGroup: '' RegisteredPlayerGroup: '' Permissions: PermissionsOnJoin: []
settings: sessions: enabled: true timeout: 240 sessionExpireOnIpChange: true restrictions: allowChat: false allowCommands: - /login - /register - /l - /reg - /passpartu - /email - /captcha maxRegPerIp: 1 maxNicknameLength: 20 ForceSingleSession: true ForceSpawnLocOnJoinEnabled: false SaveQuitLocation: false AllowRestrictedUser: false AllowedRestrictedUser: [] kickNonRegistered: false kickOnWrongPassword: false teleportUnAuthedToSpawn: true minNicknameLength: 3 allowMovement: false timeout: 30 allowedNicknameCharacters: '[a-zA-Z0-9_?]*' allowedMovementRadius: 100 enablePasswordVerifier: true ProtectInventoryBeforeLogIn: true displayOtherAccounts: true ForceSpawnOnTheseWorlds: - world - world_nether - world_the_end banUnsafedIP: false GameMode: ForceSurvivalMode: false ResetInventoryIfCreative: false ForceOnlyAfterLogin: false security: minPasswordLength: 4 unLoggedinGroup: unLoggedinGroup passwordHash: XAUTH doubleMD5SaltLength: 8 registration: enabled: true messageInterval: 5 force: true enableEmailRegistrationSystem: false doubleEmailCheck: false unrestrictions: UnrestrictedName: [] messagesLanguage: en
ExternalBoardOptions: mySQLColumnSalt: '' mySQLColumnGroup: '' nonActivedUserGroup: -1 mySQLOtherUsernameColumns: [] bCryptLog2Round: 10
Xenoforo: predefinedSalt: ''
permission: EnablePermissionCheck: false
BackupSystem: ActivateBackup: false OnServerStart: false OnServerStop: true MysqlWindowsPath: C:\\Program Files\\MySQL\\MySQL Server 5.1\\
Passpartu: enablePasspartu: false
Security: SQLProblem: stopServer: true ReloadCommand: useReloadCommandSupport: true console: noConsoleSpam: false removePassword: true logConsole: false captcha: useCaptcha: false maxLoginTry: 5 captchaLength: 5
Converter: Rakamak: fileName: users.rak useIP: false ipFileName: UsersIp.rak newPasswordHash: SHA256
Email: mailSMTP: smtp.gmail.com mailPort: 465 mailAccount: '' mailPassword: '' mailSenderName: '' RecoveryPasswordLength: 8 mailSubject: Your new AuthMe Password maxRegPerEmail: 1 mailText: 'Dear <playername>, <br /><br /> This is your new AuthMe password for the server <br /><br /> <servername> : <br /><br /> <generatedpass><br /><br />Do not forget to change password after login! <br /> /changepassword <generatedpass> newPassword'
Hooks: multiverse: true chestshop: true bungeecord: true notifications: true disableSocialSpy: true useEssentialsMotd: false
Performances: useMultiThreading: false
Does anybody have a solution to this problem? I would be really happy! I currently have disabled the /server command and turned sessions off, removed authme from all my servers except the lobby, but this is no solution to the problem as now /server doesn't work, which I encourage my players to use all the time.
It should be:
settings: sessions: enabled: true timeout: 240 sessionExpireOnIpChange: true restrictions: allowChat: false allowCommands:
Notice where "timeout: 240" is now; you left it on the wrong line :)
It happens. Please post here if you fix it, because I'm really interested in whether that broke it.
Cheers :)
I wish you were right. It wasn't like this in the real config file; it seems to have been a mistake from pasting it in Notepad.
What I used as a solution is the following: I removed authme from all my servers except the lobby, and disabled the /server command and any form of sessions. Now it's secure :) I still hope this gets fixed soon though; if you have any other ideas, please let me know.
Ohh, I'm so sorry :( I hope it was really the problem there, I wish it was actually :)
Well, what to say, I'm using:
settings: sessions: enabled: false
AND THAT WORKS!
No session, no nada, please type your password again - period!
I know it's a bit annoying, but but but... no way sessions, thank you :)