Session swapped problem on Apache 2.2.10 with mod_proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi there,

We have an app fronted with Apache 2.2.10 with all default apache enabled modules.

Rarely and randomly, we would encounter session swapped among logged in users.

Say I have two logged in users in two browsers: A and B. They logged in and each have a unique session cookie. However at random times, a user A web request will end up using user B's session (i.e. A's web request will come back as if user B submitted it), and then from that point on, user A's browser session cookie is changed to that of user B's, where user B continues to have the *same* cookie in his cookie file. Now one can use user A's browser as if user B had logged in on it.

Has anyone seen this odd behavior? I have searched around and it looks very similar to this issue: http://httpd.markmail.org/thread/h2lk3oikjlgv24be

Any help would be highly appreciated! Thanks!



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux