Jonathan Angliss <jon <at> squirrelmail.org> writes: > > Hello Tavis, > On Wednesday, December 03, 2003, Tavis Gustafson wrote... > > > I wonder if this may have something to do with premature cookie > > deletion. I deleted all of my cookies while logged in to > > squirrelmail. After I re-logged in, I checked the sessions in mysql > > and found a new session along with the old session. > > Well the old session isn't going to be trashed because there is > nothing telling it to be trashed. PHP might be smart enough, and > remember to clean it up after a while based on the setting in PHP, but > that's not even guaranteed. > > > Since the value field in sessions hold all of the user prefs ( name, > > from, reply to, etc. ), if the old session somehow got reused by > > anothe ruser this might explain the symptom. Does anyone know how > > the sesskey is generated? > > Not a clue... that's a PHP question really... might need to look at > the code. > [Topic: session hijacking / wrong sender address / etc...] This thread seems to end without conclussion. Was the problem with the PHP session ID, filename or something else? We have just started seeing the same problem since concurrent user count has increased. In short user B inherits user A's preferences despite not using the same host/browser. We're using file based preferences. The problem seems to occur when users login at roughly the same time. I'm looking into the workings of PHP session handling, but if someone already knows how filenames are generated and can tell me that would be a great help. My current theory is that session filename is based on time of day and the time resolution is not high enough. Some entropy is required, perhaps. Thanks, Neil. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ -- squirrelmail-users mailing list Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
