On Wed, 28 Feb 2007 15:31:39 +0200 "Octavian Rasnita" <[EMAIL PROTECTED]> wrote:
> I have created a site using Catalyst, and I access it with IE, but I > can login with no issues. > However, 2 customers told me that they can login on the site from one > location, but they cannot do it from their work place. > I don't know, but it might be the same bug, since after the login, > the program is making an external redirection, and the cookies are > used... > > Anyway, if somebody will find what's the problem, please write on the > list. I have seen this problem. I finally fixed it for my application late last year, after an embarrassingly long time. In my application the sequence of events was: * user goes to main site, foo.org * user is issued a cookie, from foo.org * user submits form, is redirected to bar.foo.org * user is issued another cookie, from bar.foo.org * IE begins sending both cookies to bar.foo.org. Depending on which cookie appears last, one or the other will be "active"; if it's the one from foo.org instead of bar.foo.org, typically you lose, because the session ID isn't known to bar.foo.org. I thought I was giving the right domain= values to make sure that didn't happen; I can't tell if the problem stems from me being too stupid to read the cookie spec right, or the IE team. It's not a spec that, in my opinion, is without some ambiguity. Anyway, the situation appeared intermittently for years. I finally got a trace from a single client on all hosts involved that let me see where the "mystery key" that was confusing bar.foo.org originated. The solution I eventually adopted was to also delete the session cookie for foo.org at the same time as I did the external redirect to bar.foo.org. I haven't heard of the issue popping up again since. Mike. _______________________________________________ List: [email protected] Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[email protected]/ Dev site: http://dev.catalyst.perl.org/
