[rt-users] Re: user authentication not working with fcgi?

acli at ada.dhs.org acli at ada.dhs.org
Wed Dec 18 20:18:23 EST 2002


In article <15872.34792.89816.818631 at onceler.kciLink.com> you
write:

>My guess would be that whatever code generates the session key
>(ie, the cookie value) has become predictable and constant.
>I don't know what that computation is, but it should include
>several elements such as the PID, time, and a PRNG value to be
>safe against guessing.

It seems to be even worse. When I go to my browser's cookie
manager, it shows me that there is *no* cookie at all.

If I kill the FastCGI rt process, sometimes RT will start
working.  (I know this at once when my browser says "Received
cookie...")  But I don't see a pattern as to when RT works and
when it doesn't.

Very strange.

-- 
Ambrose Li  <a.c.li at ieee.org>
http://ada.dhs.org/~acli/cmcc/  http://www.cccgt.org/

DRM is theft - We are the stakeholders



More information about the rt-users mailing list