Log entry for failed consistentAddress="true" check
Basics
Technical
Logistics
Basics
Technical
Logistics
Description
When a checkAddress="true" check fails at the SP, there is appropriate logging in place. A deployer reports that the failure of consistentAddress="true", while resulting in both failed access and destruction of the (potentially stolen) session, does not log anything to allow identification of what had happened.
Environment
None
Activity
Show:
Scott Cantor November 9, 2011 at 6:50 PM
Added address information to existing warning in rev. 3540.
Scott Cantor November 9, 2011 at 6:23 PM
Edited
I'm fairly sure it logs "client address mismatch" on WARN in the SessionCache category.
Fixed
Pinned fields
Click on the next to a field label to start pinning.
When a checkAddress="true" check fails at the SP, there is appropriate logging in place. A deployer reports that the failure of consistentAddress="true", while resulting in both failed access and destruction of the (potentially stolen) session, does not log anything to allow identification of what had happened.