[Zope] FSSession problems...

Curtis Maloney curtis@umd.com.au
Wed, 30 Aug 2000 10:18:32 +1100


On Tue, 29 Aug 2000, Pavlos Christoforou wrote:
> On Mon, 28 Aug 2000, Curtis Maloney wrote:
> > </dtml-if>
> >
> > This was aparently working fine for quite some time (about a month of
> > public usage), until last week.  We have examined logs, and seen that one
> > person accidentaly used the system under someone elses ReturnerID, and
> > then rectified their mistake.
>
> If he did rectify the mistake then that should not have resulted in a
> problem. In any case the problem should have been isolated to that user
> only. Could it be that the cookie is cached somewhere? I am not familiar
> with the underlying pricinciples of the apache Proxy directives.
>
>
The user 'rectified' the problem by submitting the request again under their 
own ID.  I don't know when/how they noticed, and am not able to contact them 
for further comment.

As for the cookie being cached, I don't know.  It is possible, as I said, 
that Apache is causing problems.  ProxyForward means that when a URL matches 
a rule, it will be 'forwarded' to another server, and the returned page 
issued as if from Apache.

From the benchmarks I've seen, this is the fastest way to run Zope.  However, 
I can see how it could confuse Zope into thinking two different users 
requests are from the same machine, since all the requests are coming from 
Apache.  However, I am hoping (going to check on this, of course :)  that the 
smart folks at Apache have made it 'proxy' properly, to avoid this sort of 
problem.

> Pavlos
>
Curtis