[Catalyst] Session collisions
Jim Spath
jspath at pangeamedia.com
Fri Jul 11 15:47:03 BST 2008
We've gotten some reports in one of our Catalyst applications that users
are "swapping places". ie, they are suddenly logged in as another user,
or someone has accessed their account. I've done some quick looking and
don't see anything unusual.
I was wondering if it could possibly be session key collisions? Have
any of you experienced this?
I'm using the following session plugins:
Session (0.13)
Session::Store::Memcached (0.2 current)
Session::State::Cookie (0.06)
They are not the most current versions, although I don't see anything in
the changelog relating to session collisions.
Also, does anyone have advice on how to institute some debugging to try
to catch these session collisions? I was thinking of storing their
username in a separate cookie, and checking this cookie when we load a
session to make sure that they match, similarly to how the
verify_address functionality works.
Thanks!
Jim
More information about the Catalyst
mailing list