Hi All,

Weird situation... On our production environment, one of our users (I have remotely connected to their system) is losing Session information as soon as they try to do anything past their login. Even stranger (I can tell via the title of the page) that the session information is getting mixed up. The title of the page should be the user's name and after clicking on a page that requires session / cookie information, the title of the page changes to another user's name. So something isn't right...

Our development environment (unfortunately) at this time uses Apache (we'll be upgrading it to Nginx shortly). This issue does not exist in our development environment.

The problem computer is behind a proxy and the proxy on that server is configured as a "text" proxy (i.e. not IP address... rather proxy name). So I'm not sure if that would be an issue? Is it possible that sessions are getting mixed up between users behind a proxy whose name is the same?

Any suggestions / thoughts?

Thanks
on 2009-01-14 22:07
on 2009-01-14 22:14
sounds like an application level issue to me, or how you determine session names. being behind a proxy would only change the IP (maybe) - which could be a factor in the session name. also their login name changing from anonymous -> a logged in user could too. but if this doesn't happen in the apache environment i'm not quite sure. (thinking out loud) i've never had a problem with session code portability. of course i use mysql-backed sessions, but even file-based ones don't seem to be affected.
on 2009-01-14 22:28
Thanks, this is definitely a very odd situation. Essentially within a few seconds of being logged in, it kicks her out and actually shows information about a different session. I don't even know where to look for this one. There are no nginx error logs corresponding to this and the access logs simply show a trail of clicks.
on 2009-01-14 22:36
Either proxy is dumb and does caching of private copies of pages or proxy is very smart and needs Cache-Control: private header from app.
on 2009-01-15 02:08
Regarding the switching of the username via session, turns out that the page was being partially cached by the CMS. So as one user was calling it with their name, the internal cache would get overwritten. We have now disabled this functionality. Again, thanks all for your responses.
on 2009-01-15 02:13
Thanks for all the responses I got, really appreciate it. I think we found the problem... the PHP ini save_sessions directory wasn't set (oops).

On Wed, Jan 14, 2009 at 3:27 PM, Valery K. <
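
The `Cache-Control: private` point raised in the thread can be checked mechanically. The following is an added example, not code from any poster: it flags responses tied to a session cookie that a shared cache such as a forward proxy is still allowed to store. The function names, the `PHPSESSID` sample value and the simplified storability rules (condensed from RFC 9111) are assumptions.

```python
# Added example: flags session-bound responses that a shared cache may store.
# Storability rules are simplified from RFC 9111; sample values are constructed.

HEURISTIC_STATUS = {200, 203, 204, 300, 301, 308, 404, 405, 410, 414, 501}


def parse_cache_control(value):
    """Return {directive: argument-or-None} with lowercase directive names."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives


def shared_cache_may_store(status, headers):
    """True if a shared cache (e.g. a forward proxy) is allowed to store this."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    if "private" in cc or "no-store" in cc:
        return False
    explicit = "public" in cc or "s-maxage" in cc or "max-age" in cc or "expires" in h
    # With no explicit freshness, caches may still apply heuristic freshness.
    return explicit or status in HEURISTIC_STATUS


def audit(request_headers, status, response_headers):
    """Return 'ok', or a finding for a per-user response that can be shared."""
    req = {k.lower(): v for k, v in request_headers.items()}
    res = {k.lower(): v for k, v in response_headers.items()}
    session_bound = "cookie" in req or "set-cookie" in res
    if not session_bound or not shared_cache_may_store(status, response_headers):
        return "ok"
    vary = {v.strip().lower() for v in res.get("vary", "").split(",")}
    if "cookie" in vary or "*" in vary:
        return "ok"  # the cache key includes the session cookie
    return "session-bound response is storable by a shared cache"


if __name__ == "__main__":
    req = {"Cookie": "PHPSESSID=constructed-value"}  # constructed sample request
    print(audit(req, 200, {"Content-Type": "text/html"}))
    print(audit(req, 200, {"Cache-Control": "private, max-age=0"}))
```

A response carrying only `no-cache` is still reported, because such a response may be stored and is only required to be revalidated before reuse.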