We've gotten some reports in one of our Catalyst applications that users
are "swapping places", i.e., they are suddenly logged in as another user,
or someone has accessed their account. I've done some quick looking and
don't see anything unusual.
I was wondering if it could possibly be session key collisions? Have
any of you experienced this?
I'm using the following session plugins:
Session (0.13)
Session::Store::Memcached (0.2 current)
Session::State::Cookie (0.06)
They are not the most current versions, although I don't see anything in
the changelog relating to session collisions.
Also, does anyone have advice on how to institute some debugging to try
to catch these session collisions? I was thinking of storing their
username in a separate cookie, and checking this cookie when we load a
session to make sure that they match, similarly to how the
verify_address functionality works.
Thanks!
Jim
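
The check proposed above, as an added example that is not part of the original post and not Catalyst code: a canary cookie carrying the username is compared with the user the session store returns. The HMAC binding to the session id is an addition the post does not mention; `make_canary`, `check_canary`, the secret and the sample requests are assumptions constructed for illustration, and session ids are assumed not to contain `|`.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex sha256_hex);

# Assumption: a server-side secret that a real app would load from its config.
my $SECRET = 'constructed-demo-secret';

# Canary cookie value: MAC, session id, username (username last, so it may contain '|').
sub make_canary {
    my ($sid, $user) = @_;
    return join '|', hmac_sha256_hex("$sid|$user", $SECRET), $sid, $user;
}

# Comparison that does not stop at the first differing character.
sub secure_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Compare the canary with the session id the browser sent and the user the
# session store returned for it. Returns a verdict to use as a log field.
sub check_canary {
    my ($canary, $sid, $session_user) = @_;
    return 'no_canary' unless defined $canary && length $canary;
    my ($mac, $c_sid, $c_user) = split /\|/, $canary, 3;
    return 'malformed' unless defined $c_user;
    return 'bad_mac' unless secure_eq($mac, hmac_sha256_hex("$c_sid|$c_user", $SECRET));
    return 'sid_changed'   if $c_sid  ne $sid;            # browser now holds another session id
    return 'user_mismatch' if $c_user ne $session_user;   # same id, store returned another user
    return 'ok';
}

# Constructed requests: [ session id from cookie, user from store, canary cookie ].
my $canary = make_canary('a1b2c3', 'alice');
my @requests = (
    [ 'a1b2c3', 'alice', $canary ],
    [ 'a1b2c3', 'bob',   $canary ],
    [ 'ffee99', 'bob',   $canary ],
);
for my $r (@requests) {
    my ($sid, $user, $c) = @$r;
    my $verdict = check_canary($c, $sid, $user);
    next if $verdict eq 'ok';
    # Log a digest prefix rather than the live session id.
    warn sprintf "session canary %s: sid_digest=%s session_user=%s\n",
        $verdict, substr(sha256_hex($sid), 0, 12), $user;
}
```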