httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yang Lin <>
Subject [users@httpd] Session swapped problem on Apache 2.2.10 with mod_proxy
Date Thu, 11 Mar 2010 19:40:03 GMT
Hi there,

We have an app fronted with Apache 2.2.10 with all default apache enabled

Rarely and randomly, we would encounter session swapped among logged in

Say I have two logged in users in two browsers: A and B. They logged in and
each have a unique session cookie. However at random times, a user A web
request will end up using user B's session (i.e. A's web request will come
back as if user B submitted it), and then from that point on, user A's
browser session cookie is changed to that of user B's, where user B
continues to have the *same* cookie in his cookie file. Now one can use user
A's browser as if user B had logged in on it.

Has anyone seen this odd behavior? I have searched around and it looks very
similar to this issue:

Any help would be highly appreciated! Thanks!

View raw message