[ic] session ID oddity

Mike Heins interchange-users@icdevgroup.org
Wed Oct 30 23:28:01 2002


Quoting Jeff Dafoe (jeff@badtz-maru.com):
> 
>     While tailing the userlog today I noticed that IC assigned a user the
> same session ID I was already assigned.  I was in the admin UI when this
> occurred.  I was wondering what might cause this to occur.  I am using the
> default flock on Debian linx with kernel 2.4.18 with perl 5.6.1 .
> 
> 
> 20021030        yuoKuFEF:216.76.211.2           216.76.211.2    1036031871
> VIEWPROD=00215 black lace empire dress long dresses
> 20021030        I9or7iMi:216.76.211.2   administrator   216.76.211.2
> 1036031891              VIEWPAGE=admin/index
> 20021030        I9or7iMi:216.76.211.2   administrator   216.76.211.2
> 1036031904              VIEWPAGE=admin/item
> 20021030        I9or7iMi:216.76.211.2   administrator   216.76.211.2
> 1036031917              VIEWPAGE=admin/item
> 20021030        I9or7iMi:147.26.193.92          147.26.193.92   1036031931
> VIEWPAGE=index
> 
>     The user and I continued to share session IDs for quite a few pages
> until I happened to glance over and notice, at which point I closed all my
> browser windows and relaunched one.  I was then assigned a new session ID.
> 
>     I just looked at my "sessions active in last 180 minutes" and I see that
> there are three or four pairs of duplicated session IDs so I am wondering if
> this even indicates a problem.
> 

This would be an srand() problem. If you are on an older OS or one that doesn't
support /dev/random, and you are running in PreFork mode, you could easily
see this.

Probably the best thing to do is add an srand() call to
Vend::Server::reset_vars(), which I have done in devel and might in
stable if it corrects your problem.

-- 
Mike Heins
Perusion -- Expert Interchange Consulting    http://www.perusion.com/
phone +1.513.523.7621      <mike@perusion.com>

Any man who is under 30, and is not liberal, has not heart; and any man
who is over 30, and is not a conservative, has not brains.
 -- Winston Churchill