On Fri, 25 Aug 2000, Pavlos Christoforou wrote:
> On Fri, 25 Aug 2000, Curtis Maloney wrote:
> > Greetings,
> > I'm using FSSession to store login details about visitors to our site.
> > It is important that users only be able to see their own data (of
> > course).
> > Today, however, I find out that some mistakes have been happening.
> > People are finding themselves logged in when they haven't yet, and others
> > finding they're logged in as someone else. This is, obviously, a
> > problem.
> > I cannot see how this could be happening, since the Session ID is stored
> > in a cookie, which should be unique to the client.
> This is very weird indeed. Nobody has ever reported a similar problem. Can
> you send me the DTML method that calls the FSSession?
Yes. Very weird. I'm not doing anything fancy. <dtml-call FSSession> is in
the standard_html_header. Once the user's name/password has been verified
from the db, I use:
to set the value, and test if the user is logged in with:
Logging out works fine, with:
This was apparently working fine for quite some time (about a month of public
usage), until last week. We have examined logs, and seen that one person
accidentally used the system under someone else's ReturnerID, and then
rectified their mistake.
I really would rather continue using FSSession, as it has worked fine for me
in the past, and I find it very simple to use. It would also save me from
having to totally rewrite the site. (o8
Then again, I am considering using Zope level user authentication in the next
revision of this site, but that is already planned to be a major overhaul.
Really, I just want to know what's going wrong...
Have a better one,
Zope maillist - [EMAIL PROTECTED]