[Zope] FSSession problems...

Ayhan Ergul ergul@ccs.neu.edu
Mon, 18 Sep 2000 18:54:22 -0400 (EDT)

I am also experiencing the problem of two different users sharing the same
session inadvertently. However, in my case, I can disqualify a few things
that were previously discussed as possible reasons why this happens and
add some more info:

- Zope is running without Apache
- Clients have different SessionUID's assigned (2580309312979106
vs. 26209573571042815)
- Clients are netscape on linux running on the same computer as zope
vs. netscape on nt4 in the same local network as the other (with no
caching in between).
- I have the two browsers open and I can freely modify page on one, reload
the same page on the other and see the updates reflected.

Any clues appreciated.


On Tue, 29 Aug 2000, Curtis Maloney wrote:
> On Tue, 29 Aug 2000, Pavlos Christoforou wrote:
> > On Mon, 28 Aug 2000, Curtis Maloney wrote:
> > > </dtml-if>
> > >
> > > This was aparently working fine for quite some time (about a month
> > > public usage), until last week.  We have examined logs, and seen
that one
> > > person accidentaly used the system under someone elses ReturnerID,
> > > then rectified their mistake.
> >
> > If he did rectify the mistake then that should not have resulted in a
> > problem. In any case the problem should have been isolated to that
> > only. Could it be that the cookie is cached somewhere? I am not
> > with the underlying pricinciples of the apache Proxy directives.
> >
> >
> The user 'rectified' the problem by submitting the request again under
> own ID.  I don't know when/how they noticed, and am not able to contact
> for further comment.
> As for the cookie being cached, I don't know.  It is possible, as I
> that Apache is causing problems.  ProxyForward means that when a URL
> a rule, it will be 'forwarded' to another server, and the returned page 
> issued as if from Apache.
> From the benchmarks I've seen, this is the fastest way to run
Zope.  However, 
> I can see how it could confuse Zope into thinking two different users 
> requests are from the same machine, since all the requests are coming
> Apache.  However, I am hoping (going to check on this, of course
:)  that the 
> smart folks at Apache have made it 'proxy' properly, to avoid this sort
> problem.
> > Pavlos
> >
> Curtis