Hmmm...
I have an authentication system that uses the Apache::Session::MySQL
backend with cookies to handle authentication.
Sequence I use is:
1) Get username and password
2) If ok, generate a sessionkey and set
$udat{'sessionkey'}=gen_sessionkey($username)
However, every now and then Embperl will suddenly turn up with an old
value for $udat{'sessionkey'}.
I've got gen_sessionkey to error log when it generates a new key.
Here's what happens:
1) I get myself a sessionkey
2) It gets put into the session cookie (I turn on warn on all cookies so
I can see it being set)
3) I go about my business
Now, every time that I verify a session key I log that and the value of
the session key to the error log.
Most of the time, the session key behaves itself.
However, sometimes - especially after forms and especially with forms
that use GET rather than POST - it turns up with an old session key. The
$udat{'sessionkey'} definitely USED TO belong to the user.
Most of the time, about 6 or 10 downloads will "magically" convince
Embperl/Apache (or whatever) to get the right value but sometimes I just
have to log in again.
At first I thought that my stupid Netscape 4.76 for Linux had a bug and
kept on sending the wrong cookie but but I've tried:
Netscape 4.76 for Linux
Netscape 4.77 for Linux
Netscape 4.76 running under Linux compatibility for FreeBSD 4.4
Mozilla 0.74 for Linux
Internet Explorer (v 5 or something like that)
Netscape 6.0 under Windows
And they ALL display the same behaviour.
Anyone seen anything similar or does it kinda remind you of an
experience that you had?
DSL
--
If we could extract all the evil from each of us,
Think of the world that we could create!
A world without anger, or violence or strife...
(From the Musical, Jekyll and Hyde)
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
