[MDaemon 24.5/Webmail] WorldClient logged users out earlier than settings | MDaemon Technologies, Ltd.

[MDaemon 24.5/Webmail] WorldClient logged users out earlier than settings


  • Hello,

    I am using MDaemon 24.5 with WorldClient webmail to serve users.

    I configured MDaemon to run behind a reverse proxy (ARR and URL Rewrite module) in IIS, which forwards the URL https://webmail.mycompany.com to http://localhost:3000 (WorldClient default TCP port).

    I also left the default 20 minutes for any inactive session in Setup/Web & IM Services/Webmail/Webserver in the MDaemon Session settings window.

    But when a user has been logged in for about 10 minutes, MDaemon logs him/her out, instead of after 20 minutes as configured.

    Can anyone help me with this? I searched many times but did not find any solution.

    Thank you and hope to hear from you all soon.

    CDS



  • Is the user being logged out after 10 minutes of inactivity?  Or are they logged out after 10 minutes no matter what they are doing?

    When they are logged out what happens?  Are they taken to the login page?  Is there an error on the login page?

    If you adjust the inactive session timeout from 20 minutes to 60 minutes, are the users still logged out after 10 minutes?

    What does the webmail log show is happening?

    What do the IIS logs show is happening?


  • Thank you Arron,

    I tried to reproduce the scenario and collected the logs. The process is as below:

    1. Given that:

    • Public host of webmail (to the Internet): webmail.mycompany.com. This site is configured with SSL
    • Local (behind server): localhost. This is the default WorldClient site and port
    • Timeout in Setup/Web & IM Services/Webmail/Webserver = 20 minutes (as default)
    • The IP address of the user's browser, xxx.yyy.zzz.ooo, is stable and fixed

    2. Steps:

    1. From a browser, the user accesses https://webmail.mycompany.com
    2. He logs in with his credentials - OK
    3. He leaves the browser as it is; his PC is not even running any app, and there is no action on the keyboard or mouse
    4. With the WorldClient style, after exactly 5 mins, webmail logs out by itself and shows "Your session has expired, please sign in again"
    5. MDaemon webmail logs show:

    {d960d0e4d4} Host header on this request: localhost:3000
    {d960d0e4d4} Request for session AUNGRX106TC3S denied due to invalid IP | last accessed from xxx.yyy.zzz.ooo:16673 | attempted access from xxx.yyy.zzz.ooo:6312
    {d960d0e4d4} Request for session AUNGRX106TC3S from xxx.yyy.zzz.ooo:6132 denied due to invalid IP.

    6. He logs in again successfully with the Pro style and leaves the browser as it is; his PC is not even running any app, and there is no action on the keyboard or mouse
    7. With the Pro style, after exactly 10 mins, webmail logs out by itself and shows "Your session has expired, please sign in again"
    8. MDaemon webmail logs show:

    Session YCEHAZ7TSJ8SS has timed out.
    [YCEHAZ7TSJ8SS] Expiring session YCEHAZ7TSJ8SS...
    [YCEHAZ7TSJ8SS] Session YCEHAZ7TSJ8SS expired.

    9. He logs in again successfully with the LookOut style and leaves the browser as it is; his PC is not even running any app, and there is no action on the keyboard or mouse
    10. With the LookOut style, after exactly 5 mins, webmail logs out by itself and shows "Your session has expired, please sign in again"
    11. MDaemon webmail logs show:

    {9b9b0c7e3d} Host header on this request: localhost:3000
    {9b9b0c7e3d} Request for session OLFFBNBGX8BA7 denied due to invalid IP | last accessed from xxx.yyy.zzz.ooo:51656 | attempted access from xxx.yyy.zzz.ooo:28665
    {9b9b0c7e3d} Request for session OLFFBNBGX8BA7 from xxx.yyy.zzz.ooo:28665 denied due to invalid IP.

    I have also checked the IIS log but did not find anything abnormal there.


  • Do you have webmail configured to use the X-Forwarded-For header?  (Main | Webmail Settings | Web Server, in the Web Server Settings section)

    If you do, is the tool that is adding the X-Forwarded-For header adding the IP and Port to the value of the header?  If it is, change it to only add the IP address.

    An alternative would be to turn off the "Require IP persistence throughout MDaemon Webmail session" option.  If you turn this off make sure you turn on "Use cookies to remember logon name, theme, and other properties".  If you turn them both off the sessions will not be secure.  These options can all be found in the Web Server settings section at Main | Webmail Settings | Web Server.
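
An added example, not part of the thread and not MDaemon code: a Python triage script for the "denied due to invalid IP" lines quoted above. It separates denials where only the port differs (the case the reply ties to an X-Forwarded-For value carrying IP and port) from denials where the address itself changed. The sample lines are constructed with documentation addresses, and all function names are hypothetical.

```python
import re

# Matches the "invalid IP" denial line in the format quoted in the thread.
DENIAL = re.compile(
    r"Request for session (?P<sid>\S+) denied due to invalid IP"
    r" \| last accessed from (?P<last>\S+)"
    r" \| attempted access from (?P<attempt>\S+)"
)

# Constructed sample lines (not real log data), modelled on the thread's format.
SAMPLE_LOG = """\
{aaaa000001} Host header on this request: localhost:3000
{aaaa000001} Request for session SESSIONAAAA01 denied due to invalid IP | last accessed from 203.0.113.10:16673 | attempted access from 203.0.113.10:6312
{aaaa000002} Request for session SESSIONBBBB02 denied due to invalid IP | last accessed from 203.0.113.10 | attempted access from 198.51.100.7
{aaaa000003} Request for session SESSIONCCCC03 denied due to invalid IP | last accessed from [2001:db8::1]:50000 | attempted access from [2001:db8::1]:50001
Session SESSIONDDDD04 has timed out.
"""

def split_endpoint(value):
    """Split 'ip', 'ip:port' or '[ipv6]:port' into (ip, port or None)."""
    if value.startswith("["):                  # bracketed IPv6 with port
        host, _, rest = value[1:].partition("]")
        return host, rest.lstrip(":") or None
    if value.count(":") == 1:                  # IPv4 with port
        host, port = value.split(":")
        return host, port
    return value, None                         # bare IPv4 or bare IPv6

def classify(line):
    """Return a dict describing one denial line, or None for other lines."""
    m = DENIAL.search(line)
    if not m:
        return None
    last_ip, last_port = split_endpoint(m["last"])
    new_ip, new_port = split_endpoint(m["attempt"])
    if last_ip != new_ip:
        kind = "ip-changed"     # the client address really differs
    elif last_port != new_port:
        kind = "port-only"      # same address: the port is part of the compared value
    else:
        kind = "identical"
    return {"session": m["sid"], "kind": kind}

def summarize(text):
    """Classify every denial in a log excerpt and count each kind."""
    results = [r for r in map(classify, text.splitlines()) if r]
    counts = {}
    for r in results:
        counts[r["kind"]] = counts.get(r["kind"], 0) + 1
    return results, counts

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG)[1])
```

A log dominated by "port-only" denials points at the forwarded header value rather than at roaming clients, so the IP persistence check can stay enabled once the proxy sends the address alone.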

     

