Mismatched Cookies
Kevin Minnick <kwminnick(at)gmail.com>
2006-02-11 03:26:44
Hello,

I wrote earlier about a strange problem with disappearing cookies. 
After adding some debugging to the application and thinking about the
symptoms more, I now believe that the problem is not with the cookies
disappearing, but rather the wrong headers (cookies) are being sent to
the backend.

Our application outputs a top-frame with a username in it.  Users are
reporting that the username is wrong, i.e. they are logged in as
someone else.  This tells me that the server code is finding a valid
session-id in the cookies, but the session-id does not match the
actual session-id that the client has stored.  So the application
looks up the username based on the session, and then outputs the wrong
username to the client.

I hope this makes sense.  I'm wondering if the thread encounters an
error but doesn't exit gracefully or has already sent some headers to
the backend.  And then the thread tries to handle another request and
the new headers are ignored by the backend.

Kevin
