I am an idiot. Please ignore the previous post.
Richard :(
----- Original Message -----
From: "Richard Clarke" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, June 24, 2002 2:00 AM
Subject: (browser bug) Internet Explorer AuthCookie and others
> List,
> I just wanted to post to see if anyone could help me understand this
> (probably internet explorer) based problem. In the past I have used my own
> custom authcookie type modules. Sometimes I experience problems where
> internet explorer sends back a cookie with the incorrect hash (maybe an
old
> cookie) and causes the authentication to fail since the hash's don't
match.
> I didn't have this problem "too" often though. However I am trying out
> Apache::dnszone which uses AuthCookie. The same type of things happens
with
> AuthCookie except here it happens nearly EVERY time I try to perform a
> priviliged operation. Of course with mozilla it works perfectly every
time.
> Is this another browser based bug?
>
> The section of AuthTicker.pm which croaks the error is
> ----
> my $newhash = md5_hex($secret .
> md5_hex(join ':', $secret, $ip,
> @ticket{qw(version time expires user)})
> );
>
> unless ($newhash eq $ticket{'hash'}) {
> # ticket hash does not match (ticket tampered with?)
> $r->subprocess_env(AuthTicketReason => 'tampered_hash');
> return 0;
> }
> ---
>
> This is pretty much identical code to where my code croaks (except mine
> doesnt seem as often).
>
> So I'm guessing internet explorer screws up somehow and sends and old
cookie
> or something weird. No doubt others have experience this and know what is
> happening. Please explain
>
> Yours,
> Richard
>
>
>
>
