httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yang Lin <linyan...@gmail.com>
Subject [users@httpd] Session swapped problem on Apache 2.2.10 with mod_proxy
Date Thu, 11 Mar 2010 19:40:03 GMT
Hi there,

We have an app fronted with Apache 2.2.10 with all default apache enabled
modules.

Rarely and randomly, we would encounter session swapped among logged in
users.

Say I have two logged in users in two browsers: A and B. They logged in and
each have a unique session cookie. However at random times, a user A web
request will end up using user B's session (i.e. A's web request will come
back as if user B submitted it), and then from that point on, user A's
browser session cookie is changed to that of user B's, where user B
continues to have the *same* cookie in his cookie file. Now one can use user
A's browser as if user B had logged in on it.

Has anyone seen this odd behavior? I have searched around and it looks very
similar to this issue: http://httpd.markmail.org/thread/h2lk3oikjlgv24be

Any help would be highly appreciated! Thanks!

Mime
View raw message