Session swapped problem on Apache 2.2.10 with mod_proxy

--00c09f8fe3a8c2a30e04818b94fc
Content-Type: text/plain; charset=UTF-8

Hi there,

We have an app fronted with Apache 2.2.10 with all default apache enabled
modules.

Rarely and randomly, we would encounter session swapped among logged in
users.

Say I have two logged in users in two browsers: A and B. They logged in and
each have a unique session cookie. However at random times, a user A web
request will end up using user B's session (i.e. A's web request will come
back as if user B submitted it), and then from that point on, user A's
browser session cookie is changed to that of user B's, where user B
continues to have the *same* cookie in his cookie file. Now one can use user
A's browser as if user B had logged in on it.

Has anyone seen this odd behavior? I have searched around and it looks very
similar to this issue: http://httpd.markmail.org/thread/h2lk3oikjlgv24be

Any help would be highly appreciated! Thanks!

--00c09f8fe3a8c2a30e04818b94fc
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Hi there,<div><br><div>We have an app fronted with Apache 2.2.10 with all d=
efault apache enabled modules.</div><div><div><br></div><div>Rarely and ran=
domly, we would encounter session swapped among logged in users.</div><div>
<br></div><div>Say I have two logged in users in two browsers: A and B. The=
y logged in and each have a unique session cookie. However at random times,=
a user A web request will end up using user B's session (i.e. A's =
web request will come back as if user B submitted it), and then from that p=
oint on, user A's browser session cookie is changed to that of user B&#=
39;s, where user B continues to have the *same* cookie in his cookie file. =
Now one can use user A's browser as if user B had logged in on it.</div=
>
<div><br></div><div>Has anyone seen this odd behavior? I have searched arou=
nd and it looks very similar to this issue:=C2=A0<a href=3D"http://httpd.ma=
rkmail.org/thread/h2lk3oikjlgv24be">http://httpd.markmail.or g/thread/h2lk3o=
ikjlgv24be</a></div>
<div><br></div><div>Any help would be highly appreciated! Thanks!</div><div=
><br></div><div><br></div><div><br></div></div></div>

--00c09f8fe3a8c2a30e04818b94fc--
Yang Lin [ Do, 11 März 2010 20:40 ] [ ID #2034692 ]
Webserver » gmane.comp.apache.user » Session swapped problem on Apache 2.2.10 with mod_proxy

Vorheriges Thema: rewrite rule
Nächstes Thema: inter module communication

[ Startseite ] [ Administrator ] [ Suche ] [ Hinweise ] [ Impressum ]

Powered by FudForum