RT 3.8.10 and users

We have a very infrequent problem with RT 3.8.10 where users can
sometimes get another users session. I have not been able to reproduce
this for my user account. Out of maybe 300 people who look at RT every
day, 2 of them have this problem.

Anyone seen this before?
Joshua Knarr
Systems Engineer
GSI Commerce, Inc. http://www.gsicommerce.com
E-Mail: knarrj@gsicommerce.com
Office: 610-491-7110
Mobile: 484-636-7371

The information contained in this electronic mail transmission is
intended only for the use of the individual or entity named in this
transmission. If you are not the intended recipient of this
transmission, you are hereby notified that any disclosure, copying or
distribution of the contents of this transmission is strictly prohibited
and that you should delete the contents of this transmission from your
system immediately. Any comments or statements contained in this
transmission do not necessarily reflect the views or position of GSI
Commerce, Inc. or its subsidiaries and/or affiliates.

We have a very infrequent problem with RT 3.8.10 where users can sometimes get another users
session. I have not been able to reproduce this for my user account. Out of maybe 300 people
who look at RT every day, 2 of them have this problem.

Anyone seen this before?

If you search the mailing list archives, this always seems to be a
proxy or mod_cache misbehaving

-kevin

OK I know the wiki isn’t official - what’s the official source for the
mailing list archives?On Tue, 2011-06-21 at 11:03 -0400, Kevin Falcone wrote:

On Tue, Jun 21, 2011 at 10:33:54AM -0400, Joshua Knarr wrote:

We have a very infrequent problem with RT 3.8.10 where users can sometimes get another users
session. I have not been able to reproduce this for my user account. Out of maybe 300 people
who look at RT every day, 2 of them have this problem.

Anyone seen this before?

If you search the mailing list archives, this always seems to be a
proxy or mod_cache misbehaving

-kevin

2011 Training: http://bestpractical.com/services/training.html

Joshua Knarr
Systems Engineer
GSI Commerce, Inc. http://www.gsicommerce.com
E-Mail: knarrj@gsicommerce.com
Office: 610-491-7110
Mobile: 484-636-7371

The information contained in this electronic mail transmission is
intended only for the use of the individual or entity named in this
transmission. If you are not the intended recipient of this
transmission, you are hereby notified that any disclosure, copying or
distribution of the contents of this transmission is strictly prohibited
and that you should delete the contents of this transmission from your
system immediately. Any comments or statements contained in this
transmission do not necessarily reflect the views or position of GSI
Commerce, Inc. or its subsidiaries and/or affiliates.

OK now that I have a stable 3.8.10 life is easier.

Using a fresh browser and tcpdump we found that RT seems to be giving
out RT_SID_ cookies at inappropriate times.

LOG
GET / HTTP/1.1
User-Agent: curl/7.19.7 (universal-apple-darwin10.0) libcurl/7.19.7
OpenSSL/0.9.8l zlib/1.2.3
Host: gsiticket.gspt.net
Accept: /
HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RT_SID_gsiticket.80=badf8277bff46da285a9a4d9b7418d92; path=/
…
/LOG

The problem is that this RT_SID already exists for another user, which
is why this happens. If I fire up firebug in firefox and set this, I can
be basically anyone who is actively logged in.

Ideas?On Tue, 2011-06-21 at 11:23 -0400, Joshua Knarr wrote:

OK I know the wiki isn’t official - what’s the official source for the
mailing list archives?

On Tue, 2011-06-21 at 11:03 -0400, Kevin Falcone wrote:

On Tue, Jun 21, 2011 at 10:33:54AM -0400, Joshua Knarr wrote:

We have a very infrequent problem with RT 3.8.10 where users can sometimes get another users
session. I have not been able to reproduce this for my user account. Out of maybe 300 people
who look at RT every day, 2 of them have this problem.

Anyone seen this before?

If you search the mailing list archives, this always seems to be a
proxy or mod_cache misbehaving

-kevin

2011 Training: http://bestpractical.com/services/training.html

---

2011 Training: http://bestpractical.com/services/training.html

Joshua Knarr
Systems Engineer
GSI Commerce, Inc. http://www.gsicommerce.com
E-Mail: knarrj@gsicommerce.com
Office: 610-491-7110
Mobile: 484-636-7371

The information contained in this electronic mail transmission is
intended only for the use of the individual or entity named in this
transmission. If you are not the intended recipient of this
transmission, you are hereby notified that any disclosure, copying or
distribution of the contents of this transmission is strictly prohibited
and that you should delete the contents of this transmission from your
system immediately. Any comments or statements contained in this
transmission do not necessarily reflect the views or position of GSI
Commerce, Inc. or its subsidiaries and/or affiliates.

Holy thread resurrection batman…

Unlike these users, however, we have no proxy in the way. Looks like
this issue was raised, dropped on the floor, raised again and never took
off.

Can I raise it again? ;)On Tue, 2011-06-21 at 12:17 -0400, Joshua Knarr wrote:

OK now that I have a stable 3.8.10 life is easier.

Using a fresh browser and tcpdump we found that RT seems to be giving
out RT_SID_ cookies at inappropriate times.

LOG
GET / HTTP/1.1
User-Agent: curl/7.19.7 (universal-apple-darwin10.0) libcurl/7.19.7
OpenSSL/0.9.8l zlib/1.2.3
Host: gsiticket.gspt.net
Accept: /
HTTP/1.1 200 OK
Date: Tue, 21 Jun 2011 16:10:08 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RT_SID_gsiticket.80=badf8277bff46da285a9a4d9b7418d92;
path=/
…
/LOG

The problem is that this RT_SID already exists for another user, which
is why this happens. If I fire up firebug in firefox and set this, I
can be basically anyone who is actively logged in.

Ideas?

On Tue, 2011-06-21 at 11:23 -0400, Joshua Knarr wrote:

OK I know the wiki isn’t official - what’s the official source for
the mailing list archives?

On Tue, 2011-06-21 at 11:03 -0400, Kevin Falcone wrote:

On Tue, Jun 21, 2011 at 10:33:54AM -0400, Joshua Knarr wrote:

We have a very infrequent problem with RT 3.8.10 where users can sometimes get another users
session. I have not been able to reproduce this for my user account. Out of maybe 300 people
who look at RT every day, 2 of them have this problem.

Anyone seen this before?

If you search the mailing list archives, this always seems to be a
proxy or mod_cache misbehaving

-kevin

2011 Training: http://bestpractical.com/services/training.html

---

2011 Training: http://bestpractical.com/services/training.html

plain text document attachment (ATT1781072.txt)

---

2011 Training: http://bestpractical.com/services/training.html

Joshua Knarr
Systems Engineer
GSI Commerce, Inc. http://www.gsicommerce.com
E-Mail: knarrj@gsicommerce.com
Office: 610-491-7110
Mobile: 484-636-7371

The information contained in this electronic mail transmission is
intended only for the use of the individual or entity named in this
transmission. If you are not the intended recipient of this
transmission, you are hereby notified that any disclosure, copying or
distribution of the contents of this transmission is strictly prohibited
and that you should delete the contents of this transmission from your
system immediately. Any comments or statements contained in this
transmission do not necessarily reflect the views or position of GSI
Commerce, Inc. or its subsidiaries and/or affiliates.

Holy thread resurrection batman…

[1]Carbon60: Managed Cloud Services

Unlike these users, however, we have no proxy in the way. Looks like this issue was raised,
dropped on the floor, raised again and never took off.

Can I raise it again?

As I mentioned to your initial mail, every time this comes up, someone
has a proxy, mod_cache or some other thing in the middle causing
network problems.

If you can provide a replication recipe for something like this that we
can run locally, we’re happy to investigate it, but so far it’s always
turned out to be a local misconfiguration.

Replication recipe in this case would be clean install of RT, full
exact apache configuration and probably operating system version also.
Otherwise there are too many variables involved.

-kevin> On Tue, 2011-06-21 at 12:17 -0400, Joshua Knarr wrote:

 OK now that I have a stable 3.8.10 life is easier.

 Using a fresh browser and tcpdump we found that RT seems to be giving out RT_SID_ cookies at
 inappropriate times.

 LOG
 GET / HTTP/1.1
 User-Agent: curl/7.19.7 (universal-apple-darwin10.0) libcurl/7.19.7 OpenSSL/0.9.8l
 zlib/1.2.3
 Host: gsiticket.gspt.net
 Accept: */*
 HTTP/1.1 200 OK
 Date: Tue, 21 Jun 2011 16:10:08 GMT
 Server: Apache/2.2.3 (Red Hat)
 Set-Cookie: RT_SID_gsiticket.80=badf8277bff46da285a9a4d9b7418d92; path=/
 ...
 /LOG

 The problem is that this RT_SID already exists for another user, which is why this happens.
 If I fire up firebug in firefox and set this, I can be basically anyone who is actively
 logged in.

 Ideas?

 On Tue, 2011-06-21 at 11:23 -0400, Joshua Knarr wrote:

   OK I know the wiki isn't official - what's the official source for the mailing list
   archives?

   On Tue, 2011-06-21 at 11:03 -0400, Kevin Falcone wrote:

On Tue, Jun 21, 2011 at 10:33:54AM -0400, Joshua Knarr wrote:

We have a very infrequent problem with RT 3.8.10 where users can sometimes get another users
session. I have not been able to reproduce this for my user account. Out of maybe 300 people
who look at RT every day, 2 of them have this problem.

Anyone seen this before?

If you search the mailing list archives, this always seems to be a
proxy or mod_cache misbehaving

-kevin

2011 Training: [2]http://bestpractical.com/services/training.html

   --------
   2011 Training: [3]http://bestpractical.com/services/training.html

 +-----------------------------------------------+
 |plain text document attachment (ATT1781072.txt)|
 +-----------------------------------------------+

 --------
 2011 Training: [4]http://bestpractical.com/services/training.html

–
Joshua Knarr
Systems Engineer
GSI Commerce, Inc. [5]http://www.gsicommerce.com
E-Mail: [6]knarrj@gsicommerce.com
Office: 610-491-7110
Mobile: 484-636-7371

The information contained in this electronic mail transmission is intended only for the use of
the individual or entity named in this transmission. If you are not the intended recipient of
this transmission, you are hereby notified that any disclosure, copying or distribution of the
contents of this transmission is strictly prohibited and that you should delete the contents
of this transmission from your system immediately. Any comments or statements contained in
this transmission do not necessarily reflect the views or position of GSI Commerce, Inc. or
its subsidiaries and/or affiliates.

References

Visible links

1. Carbon60: Managed Cloud Services
2. http://bestpractical.com/services/training.html
3. http://bestpractical.com/services/training.html
4. http://bestpractical.com/services/training.html
5. http://www.gsicommerce.com/
6. mailto:hellerk@gsicommerce.com

---

2011 Training: http://bestpractical.com/services/training.html

It’s an upgrade of RT. More specifically it’s an RT 3.4.5 DB I copied to
a clean MySQL 5 host and did the upgrade process to arrive at 3.8.10

Right now it looks like fastCGI is the problem. We only have six or so
people logged in at the moment but testing it on my box with curl used
to consistently replicate the problem with RT giving us an RT_SID_
cookie and now I cannot reproduce it.

I will let you know tomorrow when the load gets cranked up if you’re
interested in chasing this.On Tue, 2011-06-21 at 16:36 -0400, Kevin Falcone wrote:

On Tue, Jun 21, 2011 at 04:00:37PM -0400, Joshua Knarr wrote:

Holy thread resurrection batman…

[1]Carbon60: Managed Cloud Services

Unlike these users, however, we have no proxy in the way. Looks like this issue was raised,
dropped on the floor, raised again and never took off.

Can I raise it again?

As I mentioned to your initial mail, every time this comes up, someone
has a proxy, mod_cache or some other thing in the middle causing
network problems.

If you can provide a replication recipe for something like this that we
can run locally, we’re happy to investigate it, but so far it’s always
turned out to be a local misconfiguration.

Replication recipe in this case would be clean install of RT, full
exact apache configuration and probably operating system version also.
Otherwise there are too many variables involved.

-kevin

On Tue, 2011-06-21 at 12:17 -0400, Joshua Knarr wrote:

 OK now that I have a stable 3.8.10 life is easier.

 Using a fresh browser and tcpdump we found that RT seems to be giving out RT_SID_ cookies at
 inappropriate times.

 LOG
 GET / HTTP/1.1
 User-Agent: curl/7.19.7 (universal-apple-darwin10.0) libcurl/7.19.7 OpenSSL/0.9.8l
 zlib/1.2.3
 Host: gsiticket.gspt.net
 Accept: */*
 HTTP/1.1 200 OK
 Date: Tue, 21 Jun 2011 16:10:08 GMT
 Server: Apache/2.2.3 (Red Hat)
 Set-Cookie: RT_SID_gsiticket.80=badf8277bff46da285a9a4d9b7418d92; path=/
 ...
 /LOG

 The problem is that this RT_SID already exists for another user, which is why this happens.
 If I fire up firebug in firefox and set this, I can be basically anyone who is actively
 logged in.

 Ideas?

 On Tue, 2011-06-21 at 11:23 -0400, Joshua Knarr wrote:

   OK I know the wiki isn't official - what's the official source for the mailing list
   archives?

   On Tue, 2011-06-21 at 11:03 -0400, Kevin Falcone wrote:

On Tue, Jun 21, 2011 at 10:33:54AM -0400, Joshua Knarr wrote:

We have a very infrequent problem with RT 3.8.10 where users can sometimes get another users
session. I have not been able to reproduce this for my user account. Out of maybe 300 people
who look at RT every day, 2 of them have this problem.

Anyone seen this before?

If you search the mailing list archives, this always seems to be a
proxy or mod_cache misbehaving

-kevin

2011 Training: [2]http://bestpractical.com/services/training.html

   --------
   2011 Training: [3]http://bestpractical.com/services/training.html

 +-----------------------------------------------+
 |plain text document attachment (ATT1781072.txt)|
 +-----------------------------------------------+

 --------
 2011 Training: [4]http://bestpractical.com/services/training.html

–
Joshua Knarr
Systems Engineer
GSI Commerce, Inc. [5]http://www.gsicommerce.com
E-Mail: [6]knarrj@gsicommerce.com
Office: 610-491-7110
Mobile: 484-636-7371

The information contained in this electronic mail transmission is intended only for the use of
the individual or entity named in this transmission. If you are not the intended recipient of
this transmission, you are hereby notified that any disclosure, copying or distribution of the
contents of this transmission is strictly prohibited and that you should delete the contents
of this transmission from your system immediately. Any comments or statements contained in
this transmission do not necessarily reflect the views or position of GSI Commerce, Inc. or
its subsidiaries and/or affiliates.

References

Visible links

1. Carbon60: Managed Cloud Services
2. http://bestpractical.com/services/training.html
3. http://bestpractical.com/services/training.html
4. http://bestpractical.com/services/training.html
5. http://www.gsicommerce.com/
6. mailto:hellerk@gsicommerce.com

---

2011 Training: http://bestpractical.com/services/training.html

---

2011 Training: http://bestpractical.com/services/training.html

Joshua Knarr
Systems Engineer
GSI Commerce, Inc. http://www.gsicommerce.com
E-Mail: knarrj@gsicommerce.com
Office: 610-491-7110
Mobile: 484-636-7371

The information contained in this electronic mail transmission is
intended only for the use of the individual or entity named in this
transmission. If you are not the intended recipient of this
transmission, you are hereby notified that any disclosure, copying or
distribution of the contents of this transmission is strictly prohibited
and that you should delete the contents of this transmission from your
system immediately. Any comments or statements contained in this
transmission do not necessarily reflect the views or position of GSI
Commerce, Inc. or its subsidiaries and/or affiliates.

It’s an upgrade of RT. More specifically it’s an RT 3.4.5 DB I copied to a clean MySQL 5 host
and did the upgrade process to arrive at 3.8.10

Right now it looks like fastCGI is the problem. We only have six or so people logged in at the
moment but testing it on my box with curl used to consistently replicate the problem with RT
giving us an RT_SID_ cookie and now I cannot reproduce it.

I will let you know tomorrow when the load gets cranked up if you’re interested in chasing
this.

Again, without some replication we can do locally, there’s very little
that can be done.

Your time is probably best spent looking at your apache config for the
usual problem spots.

-kevin> On Tue, 2011-06-21 at 16:36 -0400, Kevin Falcone wrote:

On Tue, Jun 21, 2011 at 04:00:37PM -0400, Joshua Knarr wrote:

Holy thread resurrection batman…

[1][1]Carbon60: Managed Cloud Services

Unlike these users, however, we have no proxy in the way. Looks like this issue was raised,
dropped on the floor, raised again and never took off.

Can I raise it again?

As I mentioned to your initial mail, every time this comes up, someone
has a proxy, mod_cache or some other thing in the middle causing
network problems.

If you can provide a replication recipe for something like this that we
can run locally, we’re happy to investigate it, but so far it’s always
turned out to be a local misconfiguration.

Replication recipe in this case would be clean install of RT, full
exact apache configuration and probably operating system version also.
Otherwise there are too many variables involved.

-kevin

On Tue, 2011-06-21 at 12:17 -0400, Joshua Knarr wrote:

 OK now that I have a stable 3.8.10 life is easier.

 Using a fresh browser and tcpdump we found that RT seems to be giving out RT_SID_ cookies at
 inappropriate times.

 LOG
 GET / HTTP/1.1
 User-Agent: curl/7.19.7 (universal-apple-darwin10.0) libcurl/7.19.7 OpenSSL/0.9.8l
 zlib/1.2.3
 Host: gsiticket.gspt.net
 Accept: */*
 HTTP/1.1 200 OK
 Date: Tue, 21 Jun 2011 16:10:08 GMT
 Server: Apache/2.2.3 (Red Hat)
 Set-Cookie: RT_SID_gsiticket.80=badf8277bff46da285a9a4d9b7418d92; path=/
 ...
 /LOG

 The problem is that this RT_SID already exists for another user, which is why this happens.
 If I fire up firebug in firefox and set this, I can be basically anyone who is actively
 logged in.

 Ideas?

 On Tue, 2011-06-21 at 11:23 -0400, Joshua Knarr wrote:

   OK I know the wiki isn't official - what's the official source for the mailing list
   archives?

   On Tue, 2011-06-21 at 11:03 -0400, Kevin Falcone wrote:

On Tue, Jun 21, 2011 at 10:33:54AM -0400, Joshua Knarr wrote:

We have a very infrequent problem with RT 3.8.10 where users can sometimes get another users
session. I have not been able to reproduce this for my user account. Out of maybe 300 people
who look at RT every day, 2 of them have this problem.

Anyone seen this before?

If you search the mailing list archives, this always seems to be a
proxy or mod_cache misbehaving

-kevin

2011 Training: [2][2]http://bestpractical.com/services/training.html

   --------
   2011 Training: [3][3]http://bestpractical.com/services/training.html

 +-----------------------------------------------+
 |plain text document attachment (ATT1781072.txt)|
 +-----------------------------------------------+

 --------
 2011 Training: [4][4]http://bestpractical.com/services/training.html

–
Joshua Knarr
Systems Engineer
GSI Commerce, Inc. [5][5]http://www.gsicommerce.com
E-Mail: [6][6]knarrj@gsicommerce.com
Office: 610-491-7110
Mobile: 484-636-7371

The information contained in this electronic mail transmission is intended only for the use of
the individual or entity named in this transmission. If you are not the intended recipient of
this transmission, you are hereby notified that any disclosure, copying or distribution of the
contents of this transmission is strictly prohibited and that you should delete the contents
of this transmission from your system immediately. Any comments or statements contained in
this transmission do not necessarily reflect the views or position of GSI Commerce, Inc. or
its subsidiaries and/or affiliates.

References

Visible links

1. [7]Carbon60: Managed Cloud Services
2. [8]http://bestpractical.com/services/training.html
3. [9]http://bestpractical.com/services/training.html
4. [10]http://bestpractical.com/services/training.html
5. [11]http://www.gsicommerce.com/
6. [12]mailto:hellerk@gsicommerce.com

---

2011 Training: [13]http://bestpractical.com/services/training.html

---

2011 Training: [14]http://bestpractical.com/services/training.html

–
Joshua Knarr
Systems Engineer
GSI Commerce, Inc. [15]http://www.gsicommerce.com
E-Mail: [16]knarrj@gsicommerce.com
Office: 610-491-7110
Mobile: 484-636-7371

The information contained in this electronic mail transmission is intended only for the use of
the individual or entity named in this transmission. If you are not the intended recipient of
this transmission, you are hereby notified that any disclosure, copying or distribution of the
contents of this transmission is strictly prohibited and that you should delete the contents
of this transmission from your system immediately. Any comments or statements contained in
this transmission do not necessarily reflect the views or position of GSI Commerce, Inc. or
its subsidiaries and/or affiliates.

References

Visible links

1. Carbon60: Managed Cloud Services
2. http://bestpractical.com/services/training.html
3. http://bestpractical.com/services/training.html
4. http://bestpractical.com/services/training.html
5. http://www.gsicommerce.com/
6. mailto:knarrj@gsicommerce.com
7. Carbon60: Managed Cloud Services
8. http://bestpractical.com/services/training.html
9. http://bestpractical.com/services/training.html
10. http://bestpractical.com/services/training.html
11. http://www.gsicommerce.com/
12. mailto:hellerk@gsicommerce.com
13. http://bestpractical.com/services/training.html
14. http://bestpractical.com/services/training.html
15. http://www.gsicommerce.com/
16. mailto:hellerk@gsicommerce.com

---

2011 Training: http://bestpractical.com/services/training.html