Has anyone tried to set up RT 2.0.15 in a non-Apache FastCGI
environment? I got it running, but it seems that RT only
creates one session.
After I logged in from the local network, I tried to access
it off-site. To my surprise, the browser which is running
off-site shows that I am logged in. If I log off there, my
session on the local network is also logged off.
Obviously, this is a problem, since any unknown user in the
world has the same rights as any privileged user who happens
to be logged on somewhere at that time.
AL> After I logged in from the local network, I tried to access
AL> it off-site. To my surprise, the browser which is running
AL> off-site shows that I am logged in. If I log off there, my
My guess would be that whatever code generates the session key (i.e.,
the cookie value) has become predictable and constant. I don’t know
what that computation is, but it should include several elements such
as the PID, time, and a PRNG value to be safe against guessing.
> AL> After I logged in from the local network, I tried to access
> AL> it off-site. To my surprise, the browser which is running
> AL> off-site shows that I am logged in. If I log off there, my
> My guess would be that whatever code generates the session key (i.e.,
> the cookie value) has become predictable and constant. I don’t know
> what that computation is, but it should include several elements such
> as the PID, time, and a PRNG value to be safe against guessing.
It seems that this is related to restarting the web server. After
restarting the web server, the first session will become the only
session.
If I delete everything in WebRT/sessiondata before restarting the
web server, it seems that different sessions are properly created.
Do any other FastCGI users experience the same problem? Or is it
only me?
> My guess would be that whatever code generates the session key
> (i.e., the cookie value) has become predictable and constant.
> I don’t know what that computation is, but it should include
> several elements such as the PID, time, and a PRNG value to be
> safe against guessing.
It seems to be even worse. When I go to my browser’s cookie
manager, it shows me that there is no cookie at all.
If I kill the FastCGI rt process, sometimes RT will start
working. (I know this at once when my browser says “Received
cookie…”) But I don’t see a pattern as to when RT works and
when it doesn’t.
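
Added example, not part of the thread and not RT's code: a regression check in Python for the symptom reported above, where a second client with no cookie inherits the first client's login. All class and function names are hypothetical; the store draws session IDs from the OS CSPRNG rather than the PID/time/PRNG mix suggested in the reply, and SharedSessionStore is only a constructed model of the symptom, not a statement of its cause in RT.

```python
import secrets


class SessionStore:
    """In-memory stand-in for a session directory such as WebRT/sessiondata."""

    def __init__(self):
        self.sessions = {}

    def new_id(self):
        # 128 bits from the OS CSPRNG; not derived from PID or clock.
        return secrets.token_hex(16)

    def resolve(self, cookie):
        """Map a request cookie to a session; returns (sid, session)."""
        if cookie in self.sessions:
            return cookie, self.sessions[cookie]
        # Missing or unknown cookie: always start a fresh, anonymous session.
        sid = self.new_id()
        self.sessions[sid] = {"user": None}
        return sid, self.sessions[sid]

    def logout(self, sid):
        self.sessions.pop(sid, None)


class SharedSessionStore(SessionStore):
    """Constructed model of the symptom: every request lands in one session."""

    def new_id(self):
        return "constant-session-id"  # constructed placeholder value

    def resolve(self, cookie):
        # Ignores the cookie, as if none were ever set.
        sid = self.new_id()
        return sid, self.sessions.setdefault(sid, {"user": None})


def clients_isolated(store):
    """Repeat the thread's test: log in on client A, then visit as client B."""
    sid_a, sess_a = store.resolve(None)      # client A, first visit
    sess_a["user"] = "privileged"            # A logs in
    sid_b, sess_b = store.resolve(None)      # client B, no cookie yet
    if sid_b == sid_a or sess_b["user"] is not None:
        return False                         # B inherited A's login
    store.logout(sid_b)                      # B logs out
    _, sess_a_again = store.resolve(sid_a)   # A returns with its cookie
    return sess_a_again["user"] == "privileged"
```

Running clients_isolated against a deployment's own session layer after every web server restart would catch the behaviour described in the thread before users do.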