[Zope] FSSession problems...
Mon, 18 Sep 2000 18:54:22 -0400 (EDT)
I am also experiencing the problem of two different users sharing the same
session inadvertently. However, in my case, I can disqualify a few things
that were previously discussed as possible reasons why this happens and
add some more info:
- Zope is running without Apache
- Clients have different SessionUID's assigned (2580309312979106
- Clients are netscape on linux running on the same computer as zope
vs. netscape on nt4 in the same local network as the other (with no
caching in between).
- I have the two browsers open and I can freely modify page on one, reload
the same page on the other and see the updates reflected.
Any clues appreciated.
On Tue, 29 Aug 2000, Curtis Maloney wrote:
> On Tue, 29 Aug 2000, Pavlos Christoforou wrote:
> > On Mon, 28 Aug 2000, Curtis Maloney wrote:
> > > </dtml-if>
> > >
> > > This was aparently working fine for quite some time (about a month
> > > public usage), until last week. We have examined logs, and seen
> > > person accidentaly used the system under someone elses ReturnerID,
> > > then rectified their mistake.
> > If he did rectify the mistake then that should not have resulted in a
> > problem. In any case the problem should have been isolated to that
> > only. Could it be that the cookie is cached somewhere? I am not
> > with the underlying pricinciples of the apache Proxy directives.
> The user 'rectified' the problem by submitting the request again under
> own ID. I don't know when/how they noticed, and am not able to contact
> for further comment.
> As for the cookie being cached, I don't know. It is possible, as I
> that Apache is causing problems. ProxyForward means that when a URL
> a rule, it will be 'forwarded' to another server, and the returned page
> issued as if from Apache.
> From the benchmarks I've seen, this is the fastest way to run
> I can see how it could confuse Zope into thinking two different users
> requests are from the same machine, since all the requests are coming
> Apache. However, I am hoping (going to check on this, of course
:) that the
> smart folks at Apache have made it 'proxy' properly, to avoid this sort
> > Pavlos