[rt-users] user authentication not working with fcgi?

Vivek Khera khera at kcilink.com
Wed Dec 18 09:36:24 EST 2002


>>>>> "AL" == Ambrose Li <a.c.li at ieee.org> writes:

AL> After I logged in from the local network, I tried to access
AL> it off-site. To my surprise, the browser which is running
AL> off-site shows that I am logged in. If I log off there, my

My guess would be that whatever code generates the session key (ie,
the cookie value) has become predictable and constant.  I don't know
what that computation is, but it should include several elements such
as the PID, time, and a PRNG value to be safe against guessing.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D.                Khera Communications, Inc.
Internet: khera at kciLink.com       Rockville, MD       +1-240-453-8497
AIM: vivekkhera Y!: vivek_khera   http://www.khera.org/~vivek/



More information about the rt-users mailing list