Re: [SM-DEVEL] Re: [SM-USERS] session hijacking bug

2006-02-08 Thread Rafael Martinez Guerrero
On Tue, 2006-02-07 at 03:12, Iain Pople wrote: > Rafael Martinez Guerrero wrote: > > > Some time ago, we tried a version of the session handler that did what > > you suggest and we had big problems with transactions that were not > > finnished and waiting for a commit. After a while all connection

Re: [SM-DEVEL] Re: [SM-USERS] session hijacking bug

2006-02-06 Thread Rafael Martinez Guerrero
On Mon, 2006-02-06 at 12:35, Pallav Kumar Dutta wrote: > Hi, > Can you suggest without using DB, is it possible to rectify the > problem as we are not using DB . > Regards > pkdutta > As Iain suggested in squirrelmail-devel, we should modified the function sqsession_is_active() in some way to not

Re: [SM-DEVEL] Re: [SM-USERS] session hijacking bug

2006-02-06 Thread Pallav Kumar Dutta
Hi,Can you suggest without using DB, is it possible to rectify the problem as we are not using DB .Regardspkdutta> On Mon, 2006-02-06 at 04:32, Iain Pople wrote:>> > With this, you dont have real load balancing and automatic feilover. I>> > do not understand why to use IP persistency when you shar

Re: [SM-DEVEL] Re: [SM-USERS] session hijacking bug

2006-02-06 Thread Rafael Martinez Guerrero
On Mon, 2006-02-06 at 04:32, Iain Pople wrote: > > With this, you dont have real load balancing and automatic feilover. I > > do not understand why to use IP persistency when you share session data > > between servers. Well I can understand it if you use NFS to share the > > files but not if you us

Re: [SM-DEVEL] Re: [SM-USERS] session hijacking bug

2006-02-06 Thread Rafael Martinez Guerrero
On Mon, 2006-02-06 at 04:50, Iain Pople wrote: > Hi Rafael, > Hello > Thanks for your post. I have some questions about your session handling > code. > > Isn't it necessary to have some sort of transaction locking? When you > use file based sessions the OS automatically stops multiple process

Re: [SM-DEVEL] Re: [SM-USERS] session hijacking bug

2006-02-06 Thread Rafael Martinez Guerrero
On Mon, 2006-02-06 at 08:07, Iain Pople wrote: > Rafael Martinez Guerrero wrote: > > > > Hello > > > > This is the same problem we had some months ago. We reported this to the > > list in august 2005 and it take us very heavy debugging to find out the > > cause of this. More information here: > >

Re: [SM-DEVEL] Re: [SM-USERS] session hijacking bug

2006-02-03 Thread Rafael Martinez Guerrero
On Fri, 2006-02-03 at 07:26, Iain Pople wrote: [] > > The advantage of using the NFS share is that we can bring down a front > end without the user losing their session. > > We did look into a postgres based custom session handler but found that > performance wasn't satisfactory (we

Re: [SM-DEVEL] Re: [SM-USERS] session hijacking bug

2006-02-03 Thread Rafael Martinez Guerrero
On Fri, 2006-02-03 at 06:53, Jonathan Angliss wrote: > > The 3 webmail front ends are load balanced behind an Alteon load > > balancer with IP persistency. Sessions are stored on the NFS mount. > > While I don't believe it's likely to happen too often, there is a > possibility that the session id