I am also experiencing the problem of two different users sharing the same session inadvertently. However, in my case, I can disqualify a few things that were previously discussed as possible reasons why this happens and add some more info: - Zope is running without Apache - Clients have different SessionUID's assigned (2580309312979106 vs. 26209573571042815) - Clients are netscape on linux running on the same computer as zope vs. netscape on nt4 in the same local network as the other (with no caching in between). - I have the two browsers open and I can freely modify page on one, reload the same page on the other and see the updates reflected. Any clues appreciated. Ayhan On Tue, 29 Aug 2000, Curtis Maloney wrote:
On Tue, 29 Aug 2000, Pavlos Christoforou wrote:
On Mon, 28 Aug 2000, Curtis Maloney wrote:
</dtml-if>
This was aparently working fine for quite some time (about a month of public usage), until last week. We have examined logs, and seen that one person accidentaly used the system under someone elses ReturnerID, and then rectified their mistake.
If he did rectify the mistake then that should not have resulted in a problem. In any case the problem should have been isolated to that user only. Could it be that the cookie is cached somewhere? I am not familiar with the underlying pricinciples of the apache Proxy directives.
The user 'rectified' the problem by submitting the request again under their own ID. I don't know when/how they noticed, and am not able to contact them for further comment.
As for the cookie being cached, I don't know. It is possible, as I said, that Apache is causing problems. ProxyForward means that when a URL matches a rule, it will be 'forwarded' to another server, and the returned page issued as if from Apache.
From the benchmarks I've seen, this is the fastest way to run Zope. However, I can see how it could confuse Zope into thinking two different users requests are from the same machine, since all the requests are coming from Apache. However, I am hoping (going to check on this, of course :) that the smart folks at Apache have made it 'proxy' properly, to avoid this sort of problem.
Pavlos
Curtis
participants (1)
-
Ayhan Ergul