This is valid after concrete5.7. Since implementing Symfony framework, concrete5 is equipped with IP check. If the user changed the originated IP address, concrete5 will log you out. However, this security measurement doesn’t go well with advanced load balancer such as AWS Elastic Load Balancer or CloudFlare. From concrete5’s POV, it can only see the IP addresses of the load balancer ($_SERVER[‘REMOTE_ADDR’] to be exact). Because the balancer’s IP address will constantly be changing, concrete5 (Symfony framework) think your ID&PW may be stolen and log you out. First, you must make sure that the security group of EC2 server is only allowing the incoming access from ELB. You will get the […]