On Wed, October 26, 2005 13:08, John Crawford wrote:

>>> Hi.
>>> Yesterday we apparently had a user contaminate another user's pref
>>> file with contents much like that of the contaminating user. diff'ing
>>> the two, the sort value was different (one =1, one =0) otherwise
>>> identical. The pref file which had the correct name/addresses had a
>>> recent modification date, which predated the time the bogus
>>> information was used in an email by the affected user. I lost the
>>> modification date information on the corrupted pref file when I edit
>>> corrected the user name/email contents.

>> There is a PHP bug reported a few times on the php bug tracker that
>> reports that in some rare cases, the session cookie is not being
>> deleted, but replaced with the text 'deleted'.  When another computer
>> gets the same cookie, and they both attempt to start a session, they
>> both end up seeing the same session files, and various preferences and
>> what not get corrupted.  This is the only explanation I can think of
>> that would result in two sessions, on physically separate machines,
>> being corrupted.  Can you check where PHP is saving your session files,
>> and see if you have sess_deleted files?
>
> Hi. Thanks for your help Jonathan,
>
>
> My php session files are all recent, and none appear with
> the file name  sess_deleted, rather all are uniformly recent and of the
> form sess_3768815a66a940232 (etc).
>
> To correct your summary thought above, I'm seeing known corruption
> in this incident in one account pref file. Both user "a" and user "d" were
> on yesterday, no overlap on computers station use. User a had updated
> sorting preferences during the last days, perhaps yesterday too. User a
> apparently updated the pref file at (about) 1:40pm yesterday. About 20
> minutes later, user d was sending messages with a pref file that looked
> like user a's pref (with the difference being sort options). So I'm
> thinking user a's preference change went to user d or user a's old pref
> file went to user d then user a's was updated correctly.
>
> More information... We've seen this happen once before without having the
> opportunity to fully study it, 2 months ago. And oddly enough it was the
> same user "a" name/address that showed up in another (not user d) user's
> preferences. A bit odd it was the same user information injected into
> another pref file twice now.
>
> I just sat with user A at a Windows 2000 desktop and there were no
> exceptional messages with the session experience. We modified the
> preferences by hand and saved it with success (and no corruption of other
> user preferences). For whatever it's worth, she was using an older Mac at
> home yesterday when things went wrong.
> "Mozilla/4.0 (compatible; MSIE 5.17; Mac_PowerPC)".

Could it be the browser isn't dropping the session cookie?  I'm not sure
how well Microsoft managed their migration of IE to the Mac, but it could
be possible that the session cookie user A has is being retained even
after a browser restart, or they are just not shutting down their browser
(and computer) at all and the session is expiring in PHP, but the cookie
remains on the client.  With this thought in mind, it would easily be a
case of the following:

 - User D logs in and is assigned session id abc123
 - User A opens browser and has session cookie already with id abc123
 - User A logs in, the session is repopulated with their preferences, and
user D's session is now trashed.

Would it be possible to perform a few tests?  Open a browser on user A, go
to the login page, log in, see what cookies you have been assigned and find
out the session id... make a note... restart the browser... rinse, repeat.

-- 
Jonathan Angliss
<[EMAIL PROTECTED]>
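
The three-step sequence described in the message above, as an added example that is not part of the original post and is not SquirrelMail or PHP code. It is a constructed Python model: the `SessionStore` class, the user names and the sample ids are assumptions, and it only contrasts a server that adopts a presented session id with one that issues a fresh id at login.

```python
import secrets
from collections import Counter


class SessionStore:
    """Toy server-side session store keyed by cookie value (constructed model)."""

    def __init__(self, regenerate_on_login):
        self.regenerate_on_login = regenerate_on_login
        self.sessions = {}  # session id -> {"user": ..., "prefs": ...}

    def login(self, user, prefs, cookie=None):
        """Log `user` in and return the session id the browser holds afterwards."""
        if cookie is None or self.regenerate_on_login:
            # Hardened path: ignore any id the browser presented before login.
            sid = secrets.token_hex(16)
        else:
            # Weak path: adopt the presented id, even a retained one.
            sid = cookie
        self.sessions[sid] = {"user": user, "prefs": dict(prefs)}
        return sid

    def whoami(self, cookie):
        """Return the user whose data the session behind `cookie` now holds."""
        return self.sessions[cookie]["user"]


def replay_scenario(regenerate_on_login):
    """Replay the three steps; return (owner of D's session, owner of A's)."""
    store = SessionStore(regenerate_on_login)
    d_cookie = store.login("d", {"full_name": "User D"})
    # Hypothesis from the thread: A's browser still holds a cookie with the same id.
    a_cookie = store.login("a", {"full_name": "User A"}, cookie=d_cookie)
    return store.whoami(d_cookie), store.whoami(a_cookie)


def repeated_ids(noted_ids):
    """Given ids noted after each login/restart cycle, return those seen twice or more."""
    return sorted(sid for sid, n in Counter(noted_ids).items() if n > 1)


if __name__ == "__main__":
    print("adopt presented id:", replay_scenario(False))
    print("fresh id at login: ", replay_scenario(True))
    print("repeated ids:      ", repeated_ids(["abc123", "f00d01", "abc123"]))
```

In PHP the hardened path corresponds to calling `session_regenerate_id()` once the user has authenticated; `repeated_ids` mirrors the note-the-id, restart, repeat test suggested above.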




--
squirrelmail-users mailing list