Concrete5.7 Session Persistence



If anybody is having trouble installing concrete5.7 there is a simple fix for development purposes. Concrete5.7 invalidates a session if the user agent and requestor ip are different than the previous request. c9 workspaces sit behind proxies and almost every request comes different than the previous.

To fix this and maintain session persistence you can comment out line 59 of concrete/src/Session/Session.php

59| // $session->invalidate();

Here is a gist of the working example.


I just want to let you know that since, the session structure has changed.


has moved to the link 80 of
as of concrete5.7.5.6.


BTW, since, you can now set config. You no longer need to modify the core.

  • Create a text file under /application/config/concrete.php

  • Then add the following code and save

    <?php return array( 'security' => array( 'session' => array( 'invalidate_on_ip_mismatch' => false, ) ) );

This should do the trick since


Good stuff, thanks for the update!


Sorry for the multiple post, it’s not really good to disable all IP address check.
We’ve looked around the Symfony doc (concrete5.7 is based on Symfony framework), and found the following work-around.

Now, the best way to fix the problem after is the following.

  • Create /application/config/concrete.php
  • Copy and paste the following code onto it.




Thanks Katzueno. I added the file and the code to my website and it broke it. I got a php error message saying unexpected ‘[’ on line 14

I deleted the code and the website didn’t return, it stated some other error.
I managed to get the website back by using the code from you on 10th Feb




I have not tried this is in c9 BUT this is used and works in production behind load balancers. Give this a try.

Here is the forum link to the discussion involving Katzueono.

remoteIp = _SERVER[‘REMOTE_ADDR’];
return array(
‘security’ => array(
‘trusted_proxies’ => array(
‘ips’ => [$remoteIp],