[Zope] FSSession problems...
Curtis Maloney
curtis@umd.com.au
Fri, 25 Aug 2000 17:06:28 +1000
On Fri, 25 Aug 2000, Curtis Maloney wrote:
> Greetings,
>
> I'm using FSSession to store login details about visitors to our site. It
> is important that users only be able to see their own data (of course).
>
> Today, however, I find out that some mistakes have been happening. People
> are finding themselves logged in when they haven't yet, and others finding
> they're logged in as someone else. This is, obivously, a problem.
>
> I cannot see how this could be happening, since the Session ID is stored in
> a cookie, which should be unique to the client.
>
> I am using:
>
> Zope 2.1.6 on Solaris 2.7
> FSSession 0.4.0
>
Further details:
Some internal testins has shown that is User A logs in with IE, and User B
opens the page fresh (from another machine) they will be logged in as User A.
But if User A logs in with NS, this doesn't happen.
I am really confused as to what's going on....
My only thoughts are that FSSession is perhaps getting confused by Apache,
but surely it would re-issue the same Session ID the request came in with?
Curtis