Multiple error 500 Discourse InvalidAccess in default_current_user_provider.rb


I start to have a lot of 500 errors (Discourse InvalidAccess) in my installation and try upgrading, downgrading, backuping, etc… The only way to solve the problem was editing the file /var/www/discourse/lib/auth/default_current_user_provider.rb. Modifying the line

limiter =, "cookie_auth_#{request.ip}", COOKIE_ATTEMPTS_PER_MIN ,60)


limiter =, "cookie_auth_#{request.ip}", COOKIE_ATTEMPTS_PER_MIN ,0)

Anybody know what to do this line?

Thanks in advance!

Can confirm that this worked for our installation, too. We are running version 1.8.9 +1

Any thoughts on this @sam? This is an older version.

could be a bug in an early version, but disabling the rate limiter is not a good idea, it is there to protect against attacks.

My guess, IP is not being reported correctly to Discourse cause the site is behind a load balancer and every request looks like it is from the same ip.


Thank you so much for the replies. I will check if the IP’s is not arriving correctly and then I will re-enable the recurrent protection.

You’re right… All the ips are because all my visitors are internals users… The app is working as institutional intranet… I dont find the way to pass the real IP’s to discourse… In the nginx logs the IP’s seems fine.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.