[Grok-dev] Strange session / security problem with Grok 0.14

Kit BLAKE kitblake at gmail.com
Mon Jan 12 06:22:44 EST 2009


2009/1/11 Ivo van der Wijk <vladdrac at gmail.com>:
> 2009/1/11 Ivo van der Wijk <vladdrac at gmail.com>:
>> Hi,
>>
>> One of my apps recently got deployed in production and we're
>> experiencing a strange security issue. It's as if people can randomly
>> (unwillingly) take over each other's session. There's no reliable/easy
>> way to reproduce this so it's very hard to debug.
>>
>
> Small correction/update: We're using grok 0.13. The production site
> where the error occurs is running behind apache with virtual hosting.
> Locally I haven't been able to reproduce the problem (by accessing
> zope directly on port 8080)

Is there a proxy in the game? We once did a training for a government
department that gets its internet via a proxy, and the exact same
behavior happened; users would be a different user with each page
load.

-- 
Kit BLAKE · Infrae · http://infrae.com/ + 31 10 243 7051

