Hi,

Before I begin, I want to let you know that I've already pored over all mod_perl/Apache/CGI/perl related docs, porting guides, mailing list archives, etc. I've read and re-read about the traps and pitfalls of mod_perl. I have "use strict" on, warnings on, and I've quadruple checked for closures, global variables, "variable will not stay shared" warnings, always passing variables to subroutines as parameters, etc.

Well, I've been experiencing a mysterious problem for a very long time now with a web app that I wrote. It was written to work under either mod_perl+Apache::Registry or mod_cgi, but obviously I'm running it under mod_perl or I wouldn't be posting this message here. It's running on Fedora with Apache 1.33 and mod_perl 1.29 (dso). The scripts use CGI.pm (latest version) for sending headers, and getting and retrieving cookies which store username and encrypted password. I'm not using any kind of reverse proxy or caching modules or anything like that, although I am using mod_rewrite for clean URLs (I know I could use a handler for that, but like I said everything was written to work under both mod_perl and regular mod_cgi).

The problem: occasionally, when a user logs in, they end up logging in to someone else's account! But it happens very, very infrequently, and I've been unable to even reproduce the problem myself. The application averages about 5000 logins per day, and users report this problem only about once every two weeks. So, this problem happens only 1 in 70,000 times. I would think that if there was a bug in my scripts, it would be happening much more than 0.0014% of the time.

Here's where it gets interesting. CGI.pm has an undocumented method called cache() which, if called, outputs the "Pragma: no-cache" header. I found it confusing, so just modified my copy of CGI.pm to always print Pragma: no-cache whenever the header() method is called. It seemed to fix the problem! I didn't get any "wrong account" reports for several months. A few days ago, the problem came back; but then I realized a recent automatic update to CGI.pm had overridden my hack... which seems to confirm that the "Pragma: no-cache" header made the problem go away.

But rather than speculating, I'd like to know what is *really* going on here. I still can't figure out why the problem was occurring in the first place, or why the no-cache header *seems* to fix it. Does anyone have any ideas? I'd like to understand and fix the problem for good rather than slapping band-aids on it.
