Hi all, I have a mysterious "mistaken identity" problem that I have not been able to solve. Perhaps someone can shed some light on this.
I authenticate users using Apache::AuthCookieDBI. If anyone is familiar with Apache::AuthCookie* modules, you'd know that the cookie normally contains the user's login info (encrypted). When the cookie is passed back to the server, it is decrypted and the user is identified.

I have been getting many reports from our users that they have been mistakenly identified as someone else. I have tried to log in as that user and just can't re-create the problem, and I can't be at their computer to diagnose it. One thing I'm pretty sure about is that they must have gotten someone else's cookie. Another common thing that I observed is that all the mistaken identity cases have come from the same domain, which leads me to believe that it's possible that the proxy on the browser's end may have distributed the cookies wrongly.

Has anyone seen this problem? Is there a way to confirm or prevent this?

Thanks.
Dzuy