List,
I just wanted to post to see if anyone could help me understand this
(probably internet explorer) based problem. In the past I have used my own
custom authcookie type modules. Sometimes I experience problems where
internet explorer sends back a cookie with the incorrect hash (maybe an old
cookie) and causes the authentication to fail since the hash's don't match.
I didn't have this problem "too" often though. However I am trying out
Apache::dnszone which uses AuthCookie. The same type of things happens with
AuthCookie except here it happens nearly EVERY time I try to perform a
priviliged operation. Of course with mozilla it works perfectly every time.
Is this another browser based bug?
The section of AuthTicker.pm which croaks the error is
----
my $newhash = md5_hex($secret .
md5_hex(join ':', $secret, $ip,
@ticket{qw(version time expires user)})
);
unless ($newhash eq $ticket{'hash'}) {
# ticket hash does not match (ticket tampered with?)
$r->subprocess_env(AuthTicketReason => 'tampered_hash');
return 0;
}
---
This is pretty much identical code to where my code croaks (except mine
doesnt seem as often).
So I'm guessing internet explorer screws up somehow and sends and old cookie
or something weird. No doubt others have experience this and know what is
happening. Please explain
Yours,
Richard
