Security sandbox

Part of the security of the sso-www sign-on (but not the sso-portal sign-on) is that it checks the IP address of the client computer. If this IP address changes, the visitor is asked to log in again.

For most visitors, this is not a problem, but some visitors have ISPs that change their IP address every time they makes a request to the Internet—even if the request comes less than a second after the previous request.

The easiest way to fix this if your visitors are running into a problem because of their IP address changing is to use the portal-based single sign-on.

If your page has visitors with this problem, and you cannot switch to the sso-portal single sign-on, you can choose to remove that security option. Add this before you do $sso->authenticate() but after you require the sso_ file:

$sso->allowMaybe();

This sandboxes the visitor’s login if their IP address changes. Rather than kicking them out, it continues to let them use your page, but they will need to log in again if they go to another page that requires a login.