Subject: Developers of Sympa
List archive
[sympa-dev] critical session-handling problem in 6.0+ (bug #6979)
- From: Adam Bernstein <address@concealed>
- To: "address@concealed" <address@concealed>
- Subject: [sympa-dev] critical session-handling problem in 6.0+ (bug #6979)
- Date: Tue, 14 Sep 2010 16:15:56 -0700
Hi Sympa team. We're almost done with the Sympa 5.3.4 -> 6.1b4 upgrade on our development server, but have now run into a bug that brings our whole upgrade plan to a total stop -- we cannot run the new Sympa until it's fixed. I see it already listed in your bug database (#6979), with no progress since it was reported, so I'm a little concerned. What can we do to help get it fixed?
Our Apache server is restarted every night for log rotation, which means that the first (or actually, second) person to login every day is going to be terribly confused when someone else's session pops up in their browser. The security implications are also serious.
For what it's worth, I have not yet been able to deliberately reproduce the bug with any amount of logging in and out, deleting cookies, restarting Apache, or deleting rows from the session_table. And yet, it happens reliably every day, after the automated Apache restart around midnight. So I'm not sure what the exact trigger conditions are.
Our environment is:
FreeBSD 8.0
Apache 2.2.15
Perl 5.10.1
Sympa 6.1b4
Looking forward to working with you on this.
thanks,
adam
-
[sympa-dev] critical session-handling problem in 6.0+ (bug #6979),
Adam Bernstein, 09/14/2010
- [sympa-dev] Re: critical session-handling problem in 6.0+ (bug #6979), Adam Bernstein, 09/14/2010
Archive powered by MHonArc 2.6.19+.