Re: PEAR Auth package woes [message #178399 is a reply to message #178395]
Wed, 13 June 2012 21:51
Eli the Bearded

In comp.lang.php, J.O. Aho <user(at)example(dot)net> wrote:
> I haven't used the PEAR Auth package, but the problem is your cookies,
> as each has their own subdomain, which makes machine A unable to read
> machine B's cookie, and machines from Colo1 can't read cookies from Colo2.

Bullshit. Each has their own subdomain when viewed from the inside
interface, but not when reached through the load balancer.

I can telnet to machine A, get a cookie, then telnet to machine A and
have the cookie accepted or telnet to machine B and have the cookie
rejected. There is no "can't read cookies" entering into this.

$ telnet web-3 80
POST /monitoring.php HTTP/1.0
Host: OBSCURED
Content-Type: application/x-www-form-urlencoded
Content-Length: 40

username=OBSCURED&password=OBSCURED

HTTP/1.1 200 OK
Date: Wed, 13 Jun 2012 21:27:41 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Set-Cookie: PHPSESSID=fbp8hencd7pqat7kma9tbn3ek3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=r8gv0iggn0km0igms00mc785k4; path=/
Set-Cookie: authchallenge=e09d912dca24f955c5dc5abcf6e6809e; path=/
Vary: Accept-Encoding
Content-Length: 260
Connection: close
Content-Type: text/html

[...]
GOOD: All Worked
Connection closed by foreign host.
$

See the double Set-Cookie: PHPSESSID=(foo) there? That's quirky,
but if you play "last seen wins" then the cookies are usable, on
the same host:

$ telnet web-3 80
GET /monitoring.php HTTP/1.0
Host: OBSCURED
Cookie: PHPSESSID=r8gv0iggn0km0igms00mc785k4; authchallenge=e09d912dca24f955c5dc5abcf6e6809e

HTTP/1.1 200 OK
Date: Wed, 13 Jun 2012 21:28:36 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 260
Connection: close
Content-Type: text/html

[...]
GOOD: All Worked
Connection closed by foreign host.
$

Now try that cookie on another machine:

$ telnet web-4 80
GET /monitoring.php HTTP/1.0
Host: OBSCURED
Cookie: PHPSESSID=r8gv0iggn0km0igms00mc785k4; authchallenge=e09d912dca24f955c5dc5abcf6e6809e

HTTP/1.1 200 OK
Date: Wed, 13 Jun 2012 21:29:19 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 4694
Connection: close
Content-Type: text/html

[... login page is presented ...]
Connection closed by foreign host.
$

This is pure and simple: Auth doesn't like its own cookies when set
by another machine. Is it fixable with some hidden setting? That part
I have not been able to find out, and I suspect the answer is no.

Elijah
------
thinks most web programmers don't know how to think in loadbalanced terms
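
The "last seen wins" handling described in the post, applied to the Set-Cookie headers from its first telnet session. This is an added example, not part of the original post: the function names are made up here, the header block is an abridged copy of the capture, and keying the jar by name, domain and path (the RFC 6265 replacement rule) generalizes the single-name case the post shows.

```python
# Response headers from the post's first telnet session (abridged copy).
RAW_RESPONSE = """\
HTTP/1.1 200 OK
Set-Cookie: PHPSESSID=fbp8hencd7pqat7kma9tbn3ek3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=r8gv0iggn0km0igms00mc785k4; path=/
Set-Cookie: authchallenge=e09d912dca24f955c5dc5abcf6e6809e; path=/
"""


def parse_set_cookies(raw):
    """Return (name, value, attrs) for each Set-Cookie header, in wire order."""
    cookies = []
    for line in raw.splitlines():
        if not line.strip():
            break  # a blank line ends the header block
        field, sep, rest = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue  # status line or some other header
        pair, *attr_parts = [p.strip() for p in rest.split(";")]
        name, _, value = pair.partition("=")
        attrs = {}
        for part in attr_parts:
            if part:
                key, _, val = part.partition("=")
                attrs[key.strip().lower()] = val.strip()
        cookies.append((name.strip(), value.strip(), attrs))
    return cookies


def build_jar(cookies):
    """Last seen wins: a later cookie with the same key replaces the earlier one."""
    jar, superseded = {}, []
    for name, value, attrs in cookies:
        # Assumption: a missing path is treated as "/" (a real client derives
        # the default path from the request URI).
        key = (name, attrs.get("domain", ""), attrs.get("path", "/"))
        if key in jar:
            superseded.append((name, jar[key]))  # record the discarded value
        jar[key] = value  # reassignment keeps the cookie's original position
    return jar, superseded


def cookie_header(jar):
    """Format the jar as the value of a Cookie request header."""
    return "; ".join(f"{key[0]}={value}" for key, value in jar.items())


if __name__ == "__main__":
    jar, old = build_jar(parse_set_cookies(RAW_RESPONSE))
    print("Cookie:", cookie_header(jar))
    print("superseded:", old)
```

The resulting header is the one sent in the post's follow-up GET requests, and the superseded list shows which session ID the server replaced within the same response.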