Issues with Thin Client users

  • samwickins32

    (@samwickins32)


    8 years, 4 months ago

    I have a membership site and have installed SP Bouncer to prevent users sharing their account with others by limiting active sessions.

    Today I discovered an issue with this as some of my members are students in a class using ‘thin client’ computers and so are trying to access the site from the same IP. As WP Bouncer will only allow 1 session from a single device, when they all try to log in at the same time I get an immediate I/O fault which crashes the site for 30 seconds.

    Apart from increasing the number of active sessions from a single IP/device to 30, does anyone have any knowledge of a work around for this situation. Ideally, are there any plugins which limit sessions based on username and not IP addresses?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Jason Coleman

    (@strangerstudios)

    8 years, 4 months ago

    WP Bouncer doesn’t restrict based on IP address. Users must be logged in, and it only searches for conflicts between users logged in under the same username.

    https://github.com/strangerstudios/wp-bouncer/blob/master/wp-bouncer.php#L183

    Maybe something else is going on. Or maybe I’m confused about what you are trying to do.

    The one issue on your setup I could see is that since the students are likely to have the same browser, same IP, and could theoretically login at the same exact time, then the sessions created for them might look the same if they were logging in with the same user login. In that case, it would do the opposite of what you are saying is happening. It could allow more than one user to use the same login when it should detect them as separate sessions and log them out.

    Thread Starter samwickins32

    (@samwickins32)

    8 years, 4 months ago

    Thank you for getting back. Much appreciated.

    I am not sure what is happening then. Each user has their own username and password. When I tested 5 logging in at the exact same time (i did this on 3 separate occasions) on the thin clients (all sharing the same IP on separate virtual machines) my cPanel logged an I/O fault which is shown below and the website crashed for 30secs:

    The errors from the 3 tests, in reverse order:

    [Wed Dec 13 04:21:59.128439 2017] [access_compat:error] [pid 715717:tid 140181816469248] [client 92.222.29.57:33056] AH01797: client denied by server configuration: /home/myname/public_html/wp-includes/Text/b.php, referer: revisecomputerscience.com
    [Wed Dec 13 04:21:23.641984 2017] [access_compat:error] [pid 715557:tid 140181680101120] [client 92.222.29.57:53784] AH01797: client denied by server configuration: /home/myname/public_html/wp-includes/certificates/b.php, referer: revisecomputerscience.com
    [Wed Dec 13 04:21:10.887999 2017] [access_compat:error] [pid 715557:tid 140181617161984] [client 92.222.29.57:51258] AH01797: client denied by server configuration: /home/myname/public_html/wp-includes/Requests/b.php, referer: revisecomputerscience.com

    [Wed Dec 13 04:18:07.965081 2017] [access_compat:error] [pid 715717:tid 140181764019968] [client 31.211.86.13:45718] AH01797: client denied by server configuration: /home/myname/public_html/wp-includes/widgets/b.php, referer: revisecomputerscience.com
    [Wed Dec 13 04:11:41.977432 2017] [access_compat:error] [pid 715779:tid 140181669611264] [client 31.211.86.13:46609] AH01797: client denied by server configuration: /home/myname/public_html/wp-includes/pomo/b.php, referer: revisecomputerscience.com

    [Wed Dec 13 04:11:04.671149 2017] [access_compat:error] [pid 715262:tid 140181936809728] [client 92.222.29.57:41880] AH01797: client denied by server configuration: /home/myname/public_html/wp-includes/images/b.php, referer: revisecomputerscience.com

    When I repeated the test in another computer room of networked PCs (all with their own IP addresses) all 5 logged in fine without any issue.

    I assumed that as the only difference was that they are all logging on from the same IP that this would have been the issue but as you say wp-bouncer doesn’t limit users based on IP then I am sorry if I have made a mistake. Is there any other reason for this that you can think of?

    I should add it worked fine when the plugin was deactivated.

    • This reply was modified 8 years, 4 months ago by samwickins32.
Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Issues with Thin Client users’ is closed to new replies.