PKP Support

[rsshaw]

I encountered this on my OJS 1.1.8 test system and repeated it on the PKP demo system. The symptom is that when at a table of contents entry with a PDF link, clicking on the PDF link sends the browser to the login page. Logging in and returning to the TOC page and clicking any PDF link goes right back to logon - can't access the document.

This is almost certainly connected with the proxy server I normally use - when I bypass it, things will work (after a double logon if the proxy had just been being used).

The proxy is supplied by http://www.propel.com as an acceleration service provided by my dial-up ISP. I've been using this accelerator for over a year and have never seen a problem like this. I know the workaround, but accessors of my journal would be sorely inconvenienced if they ran into this.

By the way, the system is generally very nice - thanks for providing it.

[kevin]

You may want to try disabling the IP address check in include/session.inc.php:

Code: Select all

@@ -73,7 +73,7 @@
        if($db->num_rows($result) != 0) {
                // check that IP of existing session matches
                list($session_ip) = $db->assoc_array($result);
-               if($session_ip != $ip) {
+               if(false && $session_ip != $ip) {
                        // invalid IP, redirect to login form
                        session_destroy();
                        redirect("login.php?op=logout");


[rsshaw]

The suggested patch does work around the problem; thanks. I haven't been able to figure out why the Propel accelerator proxy I'm using uses its own IP address on most requests but not on the PDF getdoc request, on which the users PC IP address is sent. I think it might be quirky or buggy.

A slight concern is that the patch disables the IP checking. This checking I presume is a security precaution; otherwise a cookie forgery could get access without a proper logon. Because of this, I have suggested a change to this code in Bugzilla #1251.