On Thu, 2005-04-28 at 16:23, Jonathan Angliss wrote: [........] > > > Can this happen? What is the probability of two different users getting > > the same session ID? > > Note it is not only two users, but two web servers. It is possible, > but the possibility of it is probably VERY slim. The session ids are > randomly generated based on a number of variables I believe (I've > not looked at the PHP code in such a while), and that alone makes > the chances of collisions very... difficult :) >
I have never seen/heard about this problem in the past, not with webmail or other software. I have not found any information about the algorithm used by Zend/PHP to generate the SID of a session but I am sure they thought about this a long time ago. webclusters using PHP have been long in the market. > You can "replicate" similar kind of "behaviors" in earlier versions > of 1.2.x, I've not been able to replicate it recently... but here is > the steps you used to be able to use... > > 1. open browser and login > 2. open another browser and login to a different account > 3. go back to first browser, and click on a different folder, > perhaps the sent folder as an example. [........] This was not the same problem we are talking about here. This problem was 'the same user' loging in the same SM installation with two different accounts from the "same browser" (I had this problem ;)). We are talking about two different users, from different browser, probably from different computers, getting the same SID and destroying each others session data. I do not think this is an actual problem for those running a SM cluster. -- Rafael Martinez, <[EMAIL PROTECTED]> Center for Information Technology Services University of Oslo, Norway PGP Public Key: http://folk.uio.no/rafael/
signature.asc
Description: This is a digitally signed message part
