perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dondi M. Stroma" <>
Subject mystery caching problem
Date Tue, 03 Oct 2006 01:18:24 GMT

Before I begin, I want to let you know that I've already poured over all 
mod_perl/Apache/CGI/perl related docs, porting guides, mailing list 
archives, etc.  I've read and re-read about the traps and pitfalls of 
mod_perl.  I have "use strict" on, warnings on, and I've quadrouple checked 
for closures, global variables, "variable will not stay shared" warnings, 
always passing variables to subroutines as parameters, etc.

Well, I've been experiencing a mysterious problem for a very long time now 
with a web app that I wrote. It was written to work under either 
mod_perl+Apache::Registry or mod_cgi, but obviously I'm running it under 
mod_perl or I wouldn't be posting this message here.  It's running on Fedora 
with Apache 1.33 and mod_perl 1.29 (dso).  The scripts use (latest 
version) for sending headers, and getting and retrieving cookies which store 
username and encrypted password. I'm not using any kind of reverse proxy or 
caching modules or anything like that, although I am using mod_rewrite for 
clean URLs (I know I could use a handler for that, but like I said 
everything was written to work under both mod_perl and regular mod_cgi).

The problem: occasionally, when a user logs in, they end up logging in to 
someone else's account! But it happens very, very infrequently, and I've 
been unable to even reproduce the problem myself. The application averages 
about 5000 logins per day, and users report this problem only about once 
every two weeks.  So, this problem happens only 1 in 70,000 times. I would 
think that if there was a bug in my scripts, it would be happening much more 
than 0.0014% of the time.

Here's where it get's interesting. has an undocumented method called 
cache() which, if called, outputs the "Pragma: no-cache" header.  I found it 
confusing, so just modified my copy of to always print Pragma: 
no-cache whenever the header() method is called. It seemed to fix the 
problem!  I didn't get any "wrong account" reports for several months.  A 
few days ago, the problem came back; but then I realized a recent automatic 
update to had overridden my hack... which seems to confirm that the 
"Pragma: no-cache" header made the problem go away.

But rather than speculating, I'd like to know what is *really* going on 
here.  I still can't figure out why the problem was occurring in the first 
place, or why the no-cache header *seems* to fix it.  Does anyone have any 
ideas? I'd like to understand and fix the problem for good rather than 
slapping band-aids on it.

View raw message