On 11 Jul 2008, at 15:47, Jim Spath wrote:
We've gotten some reports in one of our Catalyst applications that
users are "swapping places". i.e., they are suddenly logged in as
another user, or someone has accessed their account. I've done some
quick looking and don't see anything unusual.
I was wondering if it could possibly be session key collisions?
Have any of you experienced this?
Yes, I've had similar reports from IE users. Let me work out what I
changed... Ah yes - it was an overzealous proxy sitting in the
middle.
    sub end : ActionClass('RenderView') {
        my ($self, $c) = @_;
        # Tell browsers and intermediate proxies not to reuse this response
        $c->res->header(Pragma => 'no-cache');
        $c->res->header('Cache-Control' => "no-cache, must-revalidate");
    }
was how I solved my problem. Of course this was for a classroom of
kids so it was easier to work out since I knew they'd be behind the
same proxy.
I'm using the following session plugins:
Session (0.13)
Session::Store::Memcached (0.2 current)
Session::State::Cookie (0.06)
They are not the most current versions, although I don't see
anything in the changelog relating to session collisions.
Also, does anyone have advice on how to institute some debugging to
try to catch these session collisions? I was thinking of storing
their username in a separate cookie, and checking this cookie when
we load a session to make sure that they match, similarly to how the
verify_address functionality works.
Thanks!
Jim
(I was using Cache::FastMmap at the time)
-ash
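
The debugging check Jim describes above (a second cookie compared against the loaded session), sketched as an added example; it is not code from either poster or from the Catalyst distribution. The application name MyApp, the cookie name uid_check, the canary_secret config entry, the username session key and the /login path are all assumptions.

```perl
package MyApp::Controller::Root;    # hypothetical application name
use strict;
use warnings;
use parent 'Catalyst::Controller';
use Digest::SHA qw(hmac_sha256_hex);

__PACKAGE__->config(namespace => '');

my $COOKIE = 'uid_check';           # hypothetical canary cookie name

# Keyed digest, so the cookie neither exposes the username nor can be forged.
sub _tag {
    my ($c, $username) = @_;
    my $key = $c->config->{canary_secret}    # assumed config entry
        or die "canary_secret not configured";
    return hmac_sha256_hex($username, $key);
}

# Call once from the login action after authentication succeeds.
# The canary is set only here, so a page response replayed by a proxy
# cannot replace it together with the session cookie.
sub set_canary {
    my ($self, $c, $username) = @_;
    $c->session->{username} = $username;     # assumed session key
    $c->res->cookies->{$COOKIE} = { value => _tag($c, $username) };
}

# Runs before every action: compare the canary with the loaded session.
sub auto : Private {
    my ($self, $c) = @_;
    return 1 unless $c->sessionid;           # no session cookie presented
    my $username = $c->session->{username} or return 1;   # not logged in
    my $cookie = $c->req->cookie($COOKIE);
    my $seen   = $cookie ? $cookie->value : '';
    return 1 if $seen eq _tag($c, $username);

    # Mismatch: log enough to trace the request path (Via names proxies),
    # but only a prefix of the session id, which is itself a credential.
    $c->log->warn(sprintf
        'session/canary mismatch sid=%s.. session_user=%s ip=%s via=%s ua=%s',
        substr($c->sessionid, 0, 8), $username, $c->req->address,
        $c->req->header('Via') || '-', $c->req->user_agent || '-');
    $c->delete_session('canary mismatch');
    $c->res->redirect($c->uri_for('/login'));    # assumed login path
    return 0;                                    # stop the action chain
}

1;
```

A cluster of mismatches sharing one client address or Via value points at a shared cache in the path rather than at colliding session keys.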