since this presents 2 questions -- I would like to ask more about the first -- of all the CAS pluggins for zope and plone -- which one works best;-) Actually, since we serve content both directly from Zope AND from plone, I need one that works with 'both'... in other words, I need something that works for zope authentication -- as well as plone. Any pointers on which 'single' prooduct package will allow that? On Fri, Dec 18, 2009 at 7:28 AM, Encolpe Degoute < encolpe.degoute@quadra-informatique.fr> wrote:

Hello,

These last months we have a random bug around CAS authentication.

Preamble: CAS plugins are multiple but all are based on CAS4PAS : - CAS4PAS - Products.CAS4PAS - collective.castle - collective.cas4plone

They all doing more or less the same job with different maintainers... They are all in the collective but outside http://svn.plone.org/svn/collective/PASPlugins/

Guys, can we try to work together ? If you only need rights to upload a release on pypi just ask them, don't start a fork.

Our problem is user can obtain another session opened with CAS when the server is overloaded. It happens only one the first page loaded for a session and once the user get the session he keeps it until is logout.

There is no web cache and Zope serve pages directly to them. There is 4 threads and 5000 objects in session cache.

We suspect a session cache bug but we don't know how to debug it as the bug comes randomly when the server is overloaded (more than 5 concurrent users).

Any tips to build a test environment for this ?

Regards, -- int i;main(){for(;i["]<i;++i){--i;}"];read('-'-'-',i+++"hell\ o, world!\\n",'/'/'/'));}read(j,i,p){write(j/p+p,i---j,i/i);} -+- Dishonorable mention, Obfuscated C Code Contest, 1984 Author requested anonymity -+-

_______________________________________________ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )

-- David Bear College of Public Programs at ASU 602-494-0424

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Encolpe Degoute wrote: <snip>

Our problem is user can obtain another session opened with CAS when the server is overloaded. It happens only one the first page loaded for a session and once the user get the session he keeps it until is logout.

There is no web cache and Zope serve pages directly to them. There is 4 threads and 5000 objects in session cache.

We suspect a session cache bug but we don't know how to debug it as the bug comes randomly when the server is overloaded (more than 5 concurrent users).

Any tips to build a test environment for this ?

I don't know anything about the guts of CAS4PAS. If you think this is a bug in the sessioning machinery itself, you might try swapping out an alternate session data manager, e.g. 'faster': http://agendaless.com/Members/tseaver/software/faster/ If that makes the problem go away, thenn you could work on trying to reproduce the problem in isolation. If not, then the bug is in the CAS4PAS code itself. Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tseaver@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAksrvKgACgkQ+gerLs4ltQ5liQCfRO+dj4kxeNquU1KjkcWdXFSH qnwAoMqEwslXlOtNx1ovzb40TiTcEPSA =Gvbl -----END PGP SIGNATURE-----