On Fri, 25 Aug 2000, Curtis Maloney wrote:
> Greetings,
> I'm using FSSession to store login details about visitors to our site.  It
> is important that users only be able to see their own data (of course).
> Today, however, I find out that some mistakes have been happening.  People
> are finding themselves logged in when they haven't yet, and others finding
> they're logged in as someone else.  This is, obivously, a problem.
> I cannot see how this could be happening, since the Session ID is stored in
> a cookie, which should be unique to the client.
> I am using:
> Zope 2.1.6 on Solaris 2.7
> FSSession 0.4.0

Further details:

Some internal testins has shown that is User A logs in with IE, and User B 
opens the page fresh (from another machine) they will be logged in as User A.

But if User A logs in with NS, this doesn't happen.

I am really confused as to what's going on....

My only thoughts are that FSSession is perhaps getting confused by Apache, 
but surely it would re-issue the same Session ID the request came in with?


Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to