[Date Prev][Date Next][Thread Prev][Thread Next][Interchange by date
][Interchange by thread
]
[ic] session ID oddity
Quoting Jeff Dafoe (jeff@badtz-maru.com):
>
> While tailing the userlog today I noticed that IC assigned a user the
> same session ID I was already assigned. I was in the admin UI when this
> occurred. I was wondering what might cause this to occur. I am using the
> default flock on Debian linx with kernel 2.4.18 with perl 5.6.1 .
>
>
> 20021030 yuoKuFEF:216.76.211.2 216.76.211.2 1036031871
> VIEWPROD=00215 black lace empire dress long dresses
> 20021030 I9or7iMi:216.76.211.2 administrator 216.76.211.2
> 1036031891 VIEWPAGE=admin/index
> 20021030 I9or7iMi:216.76.211.2 administrator 216.76.211.2
> 1036031904 VIEWPAGE=admin/item
> 20021030 I9or7iMi:216.76.211.2 administrator 216.76.211.2
> 1036031917 VIEWPAGE=admin/item
> 20021030 I9or7iMi:147.26.193.92 147.26.193.92 1036031931
> VIEWPAGE=index
>
> The user and I continued to share session IDs for quite a few pages
> until I happened to glance over and notice, at which point I closed all my
> browser windows and relaunched one. I was then assigned a new session ID.
>
> I just looked at my "sessions active in last 180 minutes" and I see that
> there are three or four pairs of duplicated session IDs so I am wondering if
> this even indicates a problem.
>
This would be an srand() problem. If you are on an older OS or one that doesn't
support /dev/random, and you are running in PreFork mode, you could easily
see this.
Probably the best thing to do is add an srand() call to
Vend::Server::reset_vars(), which I have done in devel and might in
stable if it corrects your problem.
--
Mike Heins
Perusion -- Expert Interchange Consulting http://www.perusion.com/
phone +1.513.523.7621 <mike@perusion.com>
Any man who is under 30, and is not liberal, has not heart; and any man
who is over 30, and is not a conservative, has not brains.
-- Winston Churchill