[GH-ISSUE #111] Error just after connexion on koel in 3G network #76

Closed
opened 2026-02-26 02:32:03 +03:00 by kerem · 9 comments

Originally created by @kevincaradant on GitHub (Dec 18, 2015).
Original GitHub issue: https://github.com/koel/koel/issues/111

If I try to connect to koel with my wireless network, the connection works, but if I try with the 3G network I get this, just after entering login and password:

image

But if I connect over wireless first and then continue to use it on the 3G network, it works fine. So it's only during the connection (3G / Edge / 4G) that something is wrong ;)

kerem closed this issue 2026-02-26 02:32:03 +03:00

@funcoding commented on GitHub (Dec 19, 2015):

Are you running the server on internal IP?


@kevincaradant commented on GitHub (Dec 19, 2015):

Nope, external IP. I opened my port for that. When you say "server", are you talking about "laravel"? I just launch it with php artisan serve --host 0.0.0.0, which allows connecting from more than just localhost. I don't know if that can help you understand.

And when I don't get this error, I loop on the login page. After entering login / password, sometimes I land on the login page again, as if my credentials were wrong :/ but they are not wrong ... If I connect again over Wi-Fi, all the problems disappear :/. Is it possible that this is only a problem with the smartphone browser?


@funcoding commented on GitHub (Dec 19, 2015):

What was the URL specified while using 3G?


@jlamur commented on GitHub (Dec 20, 2015):

Looks like the CSRF Token also checks your IP address (and this is not a good practice).
I'm gonna check it. [EDIT: It seems that there's no IP address checking in CSRF controller, maybe in session controller...].

If that is the source of the problem, deleting cookies will solve it.


@phanan commented on GitHub (Dec 20, 2015):

> Looks like the CSRF Token also checks your IP address (and this is not a good practice).

Why?


@jlamur commented on GitHub (Dec 20, 2015):

When he switches to 3G network, he gets a new IP and that could explain why his CSRF Token is rejected.

Identifying someone by IP is never a good idea. It leads in every case to undesired disconnection, except if you are in a closed environment (like a company network, or VPN).

Moreover, if someone can steal a CSRF Token and then wants to use it, he will need the session cookie. And if the attacker can have both of them, he can probably use the victim's computer or the same network/IP.

That's my opinion.


@jlamur commented on GitHub (Dec 20, 2015):

Nonsense in the last paragraph. What I wanted to say was that if you implement the CSRF protection the right way there's no risk in not checking the IP.
It's 7 am here, I'm gonna sleep now! :)
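
The argument made in the two comments above, as an added example that is not part of the thread and is not koel's or Laravel's code: a synchronizer token compared against the server-side session survives a Wi-Fi to 3G switch, while a variant that also pins the client IP rejects the legitimate user and blocks nothing extra, because a forged cross-site request is sent by the victim's own browser from the victim's own IP. Function names, the session layout and the addresses are hypothetical.

```php
<?php
// Added illustration: not koel or Laravel code; all names are hypothetical.

// Synchronizer token: a random value stored in the server-side session.
function startSession(string $clientIp): array
{
    return [
        'csrf_token' => bin2hex(random_bytes(32)),
        'issued_ip'  => $clientIp, // only consulted by the IP-pinned variant
    ];
}

// Session-bound check: the submitted token must equal the session's token.
function verifySessionBound(array $session, string $submitted): bool
{
    return hash_equals($session['csrf_token'], $submitted);
}

// IP-pinned check: same comparison, plus "request IP must match issuing IP".
function verifyIpPinned(array $session, string $submitted, string $requestIp): bool
{
    return verifySessionBound($session, $submitted)
        && hash_equals($session['issued_ip'], $requestIp);
}

// Constructed scenario using documentation address ranges (RFC 5737).
$wifiIp   = '192.0.2.10';
$mobileIp = '198.51.100.7';

$session = startSession($wifiIp);   // user loads the login page on Wi-Fi
$token   = $session['csrf_token'];  // token embedded in the served form

// A forged request arrives from the victim's browser, so its IP matches;
// what the forger lacks is the token, which both checks already require.
$cases = [
    'same network, real token'      => [$token, $wifiIp],
    'switched to 3G, real token'    => [$token, $mobileIp],
    'forged request, guessed token' => [str_repeat('0', 64), $wifiIp],
];

foreach ($cases as $label => [$submitted, $ip]) {
    printf(
        "%-31s session-bound=%-5s ip-pinned=%s\n",
        $label,
        var_export(verifySessionBound($session, $submitted), true),
        var_export(verifyIpPinned($session, $submitted, $ip), true)
    );
}
```

Only the second case differs between the two checks: the IP-pinned variant turns a network change into a rejected login, which is the symptom the thread is trying to explain.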


@phanan commented on GitHub (Dec 20, 2015):

CSRF is done by Laravel, whom I'd trust ;)


@kevincaradant commented on GitHub (Dec 20, 2015):

I have some news or clarifications; maybe they will help you. All the cases below are with my external IP, port 8000.

In 3G: On smartphone without cookie, I arrive on the login page, I click on the "log in" button, and I immediately get the error at line 2928. With or without my credentials, it's the same problem.

In Wi-Fi: On smartphone with / without cookie, I arrive on the login page and I can connect without problem.

In 3G but sharing the 3G network with my computer (hotspot): I checked on my PC, I have the IP from my phone service. On the computer, I can connect exactly like with the Wi-Fi, without any problem.

Personally I don't understand why ... it's weird for me, but maybe it will help you :)
