> On Thu, 2005-04-28 at 01:01, Jonathan Angliss wrote:
>
> > - User 1 logs in to webserver 1, gets session id abc123
> > - User 2 logs in to webserver 2, gets session id abc123 and trashes
> > current contents of abc123 session file
>
> Can this happen? What is the probability of two different users getting
> the same session ID?
>
If the 2 servers didn't share the common session data directory,
I could see that this is a possibility, though EXTREMELY EXTREMEMLY rare.
I still see this as EXTREMELY EXTREMEMLY rare in a race condition where
(I ASSuME this is how it does it) they both check for the session data
file existing, both don't see it, and both write the same one. But 2
servers generating the same ID at the same microsecond (I don't know
how it determines this, if its a hash of time and server name and original
IP or WHAT) and then a race condition happening to allow that to happen....
I'm not sure what else can be done.
Thanks, Tuc
-------------------------------------------------------
SF.Net email is sponsored by: Tell us your software development plans!
Take this survey and enter to win a one-year sub to SourceForge.net
Plus IDC's 2005 look-ahead and a copy of this survey
Click here to start! http://www.idcswdc.com/cgi-bin/survey?id=105hix
--
squirrelmail-users mailing list
Posting Guidelines:
http://squirrelmail.org/wiki/wiki.php?MailingListPostingGuidelines
List Address: [email protected]
List Archives:
http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user
List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
