[rt-users] user authentication not working with fcgi?
Vivek Khera
khera at kcilink.com
Wed Dec 18 09:36:24 EST 2002
>>>>> "AL" == Ambrose Li <a.c.li at ieee.org> writes:
AL> After I logged in from the local network, I tried to access
AL> it off-site. To my surprise, the browser which is running
AL> off-site shows that I am logged in. If I log off there, my
My guess would be that whatever code generates the session key (ie,
the cookie value) has become predictable and constant. I don't know
what that computation is, but it should include several elements such
as the PID, time, and a PRNG value to be safe against guessing.
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D. Khera Communications, Inc.
Internet: khera at kciLink.com Rockville, MD +1-240-453-8497
AIM: vivekkhera Y!: vivek_khera http://www.khera.org/~vivek/
More information about the rt-users
mailing list