From: Vertebrac on 17 Sep 2010 06:47

Hi all!!

I have a server running:

Debian Lenny
Apache/2.2.9 (Debian) DAV/2 SVN/1.5.1 PHP/5.2.6-1+lenny9 with Suhosin-Patch

Clients connect to the system using the Firefox browser (all of them), and some of them have cloned machines (Win 7 - Norton Ghost). I mention this in case the session ID generation process uses some kind of seed coming from the computer itself; I have looked into the C code of PHP and I couldn't find any clue that confirms this thought, but just in case.

We use an intranet system over a medium LAN (about 200 hosts).

The problem that we are experiencing right now is that, randomly, session IDs are duplicated between 2 hosts.

We tried to increase the entropy by adding /var/urandom to the session.entropy_file, upgraded our Apache and PHP to this actual version, and the problem just keeps existing.

We set up a workaround to just kick off the user if the session they try to use is already in use by another computer, but the users tend to lose everything that they've been working on (because of that workaround).

Has any of you experienced a problem similar to this one?
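One way to measure how often the duplication described above happens and which hosts are involved, as an added example that is not part of the original post: the script scans request records for session IDs used from two different client addresses within a short window. The log layout (timestamp, client IP, session ID per line), the sample lines and the 30-minute window are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: "ISO-timestamp client-ip session-id".
# Assumed to come from a custom access log that records the session cookie
# (for Apache, a LogFormat containing %{PHPSESSID}C).
SAMPLE_LOG = """\
2010-09-17T06:01:10 10.0.0.21 a3f9c1d2e4b5a6978877665544332211
2010-09-17T06:02:05 10.0.0.34 0b1c2d3e4f5061728394a5b6c7d8e9f0
2010-09-17T06:03:40 10.0.0.57 a3f9c1d2e4b5a6978877665544332211
2010-09-17T06:04:02 10.0.0.21 a3f9c1d2e4b5a6978877665544332211
2010-09-17T09:30:00 10.0.0.88 0b1c2d3e4f5061728394a5b6c7d8e9f0
not a log line
"""

def parse(lines):
    """Yield (time, ip, session_id) tuples, skipping malformed lines."""
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        yield ts, parts[1], parts[2]

def find_shared_sessions(lines, window=timedelta(minutes=30)):
    """Return {session_id: sorted list of IPs} for IDs that two different
    addresses used within `window` of each other."""
    last_seen = defaultdict(dict)   # session_id -> {ip: last timestamp}
    shared = defaultdict(set)
    for ts, ip, sid in sorted(parse(lines)):
        for other_ip, other_ts in last_seen[sid].items():
            if other_ip != ip and ts - other_ts <= window:
                shared[sid].update((ip, other_ip))
        last_seen[sid][ip] = ts
    return {sid: sorted(ips) for sid, ips in shared.items()}

if __name__ == "__main__":
    for sid, ips in find_shared_sessions(SAMPLE_LOG.splitlines()).items():
        print(sid, "used by", ", ".join(ips))
```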