Losing sessions?

Hi All,

Weird situation…

On our production environment, one of our users (I have remotely
to their system) is losing Session information as soon as they try to do
anything past their login. Even stranger (I can tell via the title of
page) that the session information is getting mixed up. The title of
page should be the user’s name and after clicking on a page that
session / cookie information, the title of the page changes to another
user’s name. So something isn’t right…

Our development environment (unfortunately) at this time uses Apache
be upgrading it to Nginx shortly). This issue does not exist in our
development environment.

The problem computer is behind a proxy and the proxy on that server is
configured as a “text” proxy (i.e. not ip address… rather proxy name).
I’m not sure if that would be an issue?

Is it possible that sessions are getting mixed up between users behind a
proxy who’s name is the same?

Any suggestions / thoughts?


sounds like an application level issue to me, or how you determine
session names.

being behind a proxy would only change the IP (maybe) - which could be
a factor in the session name.

also their login name changing from anonymous -> a logged in user could

but if this doesn’t happen in the apache environment i’m not quite
sure. (thinking out loud)

i’ve never had a problem with session code portability. of course i
use mysql-backed sessions, but even file-based ones don’t seem to be

Thanks, this is definitely a very odd situation. Essentially within a
seconds of being logged in, it kicks her out and actually shows
about a different session.

I don’t even know where to look for this one. There are no nginx error
corresponding to this and the access logs simply show a trail of clicks.

Regarding the switching of the username via session, turns out that the
was being partially cached by the CMS. So as one user was calling it
their name, the internal cache would get overwritten. We have now
this functionality.

Again, thanks all for your responses.

Either proxy is dumb and does caching of private copies of pages or
proxy is very smart and needs Cache-Control: private header from app.

Thanks for all the responses I got, really appreciate it. I think we
the problem… the PHP ini save_sessions directory wasn’t set (oops).

On Wed, Jan 14, 2009 at 3:27 PM, Valery K. <