[rt-users] RT_SID cookie not invalidated at logout

Thomas Sibley trs at bestpractical.com
Thu Feb 21 19:05:45 EST 2013

On 02/21/2013 03:29 PM, Jenny Martin wrote:
>> I've dug into this.  Are you by chance using Oracle for the RT database?
>>  If not, are you explicitly setting the $WebSessionClass option to
>> Apache::Session::File?
> Thanks for investigating.  Yes, we are using Oracle.  WebSessionClass is
> default, which is commented out.

On Oracle, RT defaults to using Apache::Session::File instead of storing
sessions in the database (for historical reasons).  If you're up for it,
try switching to Apache::Session::Oracle.

1) Install it: sudo cpan -i Apache::Session::Oracle
2) Add this line to your /opt/rt4/etc/RT_SiteConfig.pm:

   Set($WebSessionClass, "Apache::Session::Oracle");

3) Restart Apache

This should fix your problem.  If you experience other issues, you can
revert back to the original behaviour by commenting out or removing the
line you added to RT_SiteConfig.pm above and restarting Apache again.

Let us know how that works.


More information about the rt-users mailing list