On Fri, 25 Aug 2000, Curtis Maloney wrote:
Greetings,
I'm using FSSession to store login details about visitors to our site. It is important that users only be able to see their own data (of course).
Today, however, I find out that some mistakes have been happening. People are finding themselves logged in when they haven't yet, and others finding they're logged in as someone else. This is, obviously, a problem.
I cannot see how this could be happening, since the Session ID is stored in a cookie, which should be unique to the client.
I am using:
Zope 2.1.6 on Solaris 2.7
FSSession 0.4.0
Further details: Some internal testing has shown that if User A logs in with IE, and User B opens the page fresh (from another machine) they will be logged in as User A. But if User A logs in with NS, this doesn't happen. I am really confused as to what's going on....

My only thoughts are that FSSession is perhaps getting confused by Apache, but surely it would re-issue the same Session ID the request came in with?

Curtis