perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joost N <>
Subject Output leaking from one session to another?
Date Thu, 21 Jul 2005 12:33:01 GMT

Yesterday morning our ISP upgraded our debian server to Apache/1.3.33
and mod_perl/1.29. Yesterday evening we got a report of a visitor who
claimed to have seen another visitor's data. Inspecting the access log
indeed shows that this visitor had clicked on hyperlinks that he
should not have been able to see, and might have captured another
user's session this way.

Our website gets hundreds of hits per minute on busy times and has
been happily running mod_perl for about 4 years now, without any
problem, so I suspect it has something to do with the upgrade earlier
that day.

Could there be a problem that the output buffer of a previous request
is not flushed completely (due to a broken connection perhaps), so
that part of the output gets sent to the next client of the same

Any other ideas where to look? Any help is appreciated!


View raw message