Multiple error 500 Discourse InvalidAccess in default_current_user_provider.rb

(Julian Somoza) #1


I start to have a lot of 500 errors (Discourse InvalidAccess) in my installation and try upgrading, downgrading, backuping, etc… The only way to solve the problem was editing the file /var/www/discourse/lib/auth/default_current_user_provider.rb. Modifying the line

limiter =, "cookie_auth_#{request.ip}", COOKIE_ATTEMPTS_PER_MIN ,60)


limiter =, "cookie_auth_#{request.ip}", COOKIE_ATTEMPTS_PER_MIN ,0)

Anybody know what to do this line?

Thanks in advance!


Can confirm that this worked for our installation, too. We are running version 1.8.9 +1

(Jeff Atwood) #4

Any thoughts on this @sam? This is an older version.

(Sam Saffron) #5

could be a bug in an early version, but disabling the rate limiter is not a good idea, it is there to protect against attacks.

My guess, IP is not being reported correctly to Discourse cause the site is behind a load balancer and every request looks like it is from the same ip.

(Julian Somoza) #6

Thank you so much for the replies. I will check if the IP’s is not arriving correctly and then I will re-enable the recurrent protection.

(Julian Somoza) #7

You’re right… All the ips are because all my visitors are internals users… The app is working as institutional intranet… I dont find the way to pass the real IP’s to discourse… In the nginx logs the IP’s seems fine.