[Zope] FSSession problems...

Curtis Maloney curtis@umd.com.au
Fri, 25 Aug 2000 17:06:28 +1000


On Fri, 25 Aug 2000, Curtis Maloney wrote:
> Greetings,
>
> I'm using FSSession to store login details about visitors to our site.  It
> is important that users only be able to see their own data (of course).
>
> Today, however, I find out that some mistakes have been happening.  People
> are finding themselves logged in when they haven't yet, and others finding
> they're logged in as someone else.  This is, obivously, a problem.
>
> I cannot see how this could be happening, since the Session ID is stored in
> a cookie, which should be unique to the client.
>
> I am using:
>
> Zope 2.1.6 on Solaris 2.7
> FSSession 0.4.0
>


Further details:

Some internal testins has shown that is User A logs in with IE, and User B 
opens the page fresh (from another machine) they will be logged in as User A.

But if User A logs in with NS, this doesn't happen.

I am really confused as to what's going on....


My only thoughts are that FSSession is perhaps getting confused by Apache, 
but surely it would re-issue the same Session ID the request came in with?

Curtis