Multi user login in single browser window causes connection issues

Hello
We have an issue with our v9 erpnext server. When we login as 2 different users in the same browser window (2 different tabs), the connection fails.
And here after if i try to login the site is not accessible. But it will be accessible through another ISP.

We were able to consistently reproduce this issue.

Did anyone come across such issues ? What is the work around for this. We are not able to access our website.I tried restarting the server on the digital ocean. But same issue.

As a enhancement/development to fix this issue:
Sree Harsha suggested, that its better that, when we try to login again, it should not take us to login page, so that we are forced to logout. And then login as a new user

Please let us know.

Refer this link :

For Firefox :

https://support.mozilla.org/en-US/kb/containers

Thanks Revanth.
Actually our motive is not to do mulit user logins. That was a one time thing. But since then our server is not accessible.

I opened this issue, as i want to find out how to access our server. Since yesterday our server is not reachable through my machine. As i logged in using multi users. If i change the ISP, its accessible.

My issue is not do multi user login, but to find a way to login into my server which has been inaccessible since yesterday.

Sorry if i was not clear.

The issue relates to Fail2ban. Your IP gets blocked by fail2ban as it sees such login attempts as potentially unauthorised. Typically it is supposed to unban the IP after a pre-defined time but i haven’t figured out how much time that is. I’ve had that issue several times and my IP gets unbanned by the next day but i’m still trying to figure out a way to permanently whitelist the IP so no matter what i do my IP doesn’t get banned.

1 Like

@flexy2ky Thank you for the response.

Now its working. I checked after 24 hours it didnt work. Now its been more than 36 hrs so its working now. So i guess it takes around 36hrs to whitelist.

Thanks a lot for your help.

I was told if we restart the wifi router we may get a new IP and it would work. But i use LAN, dont use wifi router.

Couple of queries

  1. Is this ban functinoality in the server or, somwhere in middle in the route path.
  2. Any workarounds to get it working before 36 hours.
frappe@server:~/frappe-bench$ sudo bench setup fail2ban --help
Usage: bench setup fail2ban [OPTIONS]

Options:
  --maxretry INTEGER  Number of matches (i.e. value of the counter) which
                      triggers ban action on the IP. Default is 6 seconds
  --bantime INTEGER   The counter is set to zero if no match is found within
                      'findtime' seconds. Default is 600 seconds
  --findtime INTEGER  Duration (in seconds) for IP to be banned for. Negative
                      number for "permanent" ban. Default is 600 seconds
  --help              Show this message and exit.

2 Likes

Thanks @revant_one
Looks like we can setup the master data such as time to ban etc.

Is there anyway we can update the tables, to remove the entry for my IP, if its in the ban list. Through the CLI

Which table is it, may be i can use SQL commands.

emmm… Should this also affect local installations? I have a local site that runs v9 and this happens right on the server, the inventory guys work on the local server at localhost:8080 you know, and once one forgets to logout and another tries to login, everything disconnects.

you need to reboot the server, thats the only solution.

it wasnt a problem before, don’t know if it’s in v10.

summarily: should this affect a standalone server? maybe this needs further analysis. wasnt a problem with previous versions.

we’ve had this for over 4 months but its not so bad as we simply restart.

@noetico it affect v10 as well. Based off of @revant_one’s post above, i have set findtime to zero. Hoping this will help stop the prolonged banning.

@flexy2ky But setting to 0, will this cause the hackers to easily intrude

@kothagunda I know but i have been unable to figure out how to do the alternative; whitelist my IP address. I have zero coding knowledge and all the instructions i’ve found on how to whitelist IP address in Fail2ban are contradictory. I don’t want to mess up my ERPNext instance and there’s no instruction from the community on how to do this.

@revant_one and @rmehta any help on @flexy2ky query please.

This is not a bug. Since the requests are authenticated by cookies, you can’t login with two separate users in the same browser.

@rmehta yes I know this is not a bug. What I asked is for a clear way to whitelist my IP address in Fail2ban so whatever i do within my IP i don’t get locked out. Just as there are clear instructions on how to modify bantime from bench as posted above by @revant_one, it would be nice to know how to whitelist an IP.

Instructions i’ve found through search on how to whitelist an IP address on fail2ban are not consistent and as such, being a Noob, i am less inclined to test what i am not sure the outcome would be.

@flexy2ky , pls pass on the instructions you have found to whitelist the IP. I will try it out.

First, edit the config file :

vi /etc/fail2ban/jail.conf

Then, check the line :

ignoreip =
Add now add all ip you want. Each IP or range IP must be placed here with a space. Ex: 192.168.0.1 192.168.5.0/32

Save. And restart Fail2Ban:

service fail2ban restart

This is one of them.

Step 1: Find IP Address to Unblock
Log in to your server via SSH and type in the following command:

iptables -L -n --line-numbers

Look for the IP address you want to unblock / unban. See the target of the IP address as well as the num (line number).

Step 2: Unban IP Address from fail2ban
For this example, we will remove an IP address with the target of fail2ban-ssh-ddos. To do so, type in the following:

iptables -D fail2ban-ssh-ddos 1

The IP address should now be unbanned from fail2ban.

This is another.

2 Likes

Thanks @flexy2ky

While our IP was banned. I was successfully able to unban using.

iptables -L -n --line-numbers
iptables -D f2b-NoNginxProxy 1
iptables -D f2b-sshd 1

Since the IP was there in both f2b-NoNginxProxy and f2b-sshd, i ran delete on both. Not sure if the NoNginxProxy was required. But its working.

Really appreciate your help. It has been causing issue for around 10 people, at KisanMitra team, and Sahaja Aharam Teams of ours.

Thanks a lot @flexy2ky

3 Likes

Opened an issue for the same