FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » PEAR Auth package woes
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: PEAR Auth package woes [message #178400 is a reply to message #178399] Thu, 14 June 2012 00:58 Go to previous messageGo to previous message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
Senior Member
On 6/13/2012 5:51 PM, Eli the Bearded wrote:
> In comp.lang.php, J.O. Aho<user(at)example(dot)net> wrote:
>> I haven't used the PEAR Auth package, but the problem is your cookies,
>> as each has their own subdomain, which makes machine A can't read
>> machine B's cookie, and machines from Colo1 can't read cookies from Colo2.
>
> Bullshit. Each has their own subdomain when viewed from the inside
> interface, but not when reached through the load balancer.
>

Bullshit. The programmers here know how load balancers work. You have
very obviously shown YOU DO NOT.

> I can telnet to machine A, get a cookie, then telnet to machine A and
> have teh cookie accepted or telnet to machine B and have the cookie
> rejected. There is no "can't read cookies" entering into this.
>

telnet is NOT a browser!!

> $ telnet web-3 80
> POST /monitoring.php HTTP/1.0
> Host: OBSCURED
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 40
>
> username=OBSCURED&password=OBSCURED
> HTTP/1.1 200 OK
> Date: Wed, 13 Jun 2012 21:27:41 GMT
> Server: Apache/2.2.14 (Ubuntu)
> X-Powered-By: PHP/5.3.2-1ubuntu4.7
> Set-Cookie: PHPSESSID=fbp8hencd7pqat7kma9tbn3ek3; path=/
> Expires: Thu, 19 Nov 1981 08:52:00 GMT
> Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
> Pragma: no-cache
> Set-Cookie: PHPSESSID=r8gv0iggn0km0igms00mc785k4; path=/
> Set-Cookie: authchallenge=e09d912dca24f955c5dc5abcf6e6809e; path=/
> Vary: Accept-Encoding
> Content-Length: 260
> Connection: close
> Content-Type: text/html
>
> [...]
> GOOD: All Worked
> Connection closed by foreign host.
> $
>

Totally immaterial.

> See the double Set-Cookie: PHPSESSID=(foo) there? That's quirky,
> but if you play "last seen wins" then the cookies are usable, on
> the same host:
>
> $ telnet web-3 80
> GET /monitoring.php HTTP/1.0
> Host: OBSCURED
> Cookie: PHPSESSID=r8gv0iggn0km0igms00mc785k4; authchallenge=e09d912dca24f955c5dc5abcf6e6809e
>
> HTTP/1.1 200 OK
> Date: Wed, 13 Jun 2012 21:28:36 GMT
> Server: Apache/2.2.14 (Ubuntu)
> X-Powered-By: PHP/5.3.2-1ubuntu4.7
> Expires: Thu, 19 Nov 1981 08:52:00 GMT
> Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
> Pragma: no-cache
> Vary: Accept-Encoding
> Content-Length: 260
> Connection: close
> Content-Type: text/html
>
> [...]
> GOOD: All Worked
> Connection closed by foreign host.
> $
>
> Now try that cookie on another machine:
>
> $ telnet web-4 80
> GET /monitoring.php HTTP/1.0
> Host: OBSCURED
> Cookie: PHPSESSID=r8gv0iggn0km0igms00mc785k4; authchallenge=e09d912dca24f955c5dc5abcf6e6809e
>
> HTTP/1.1 200 OK
> Date: Wed, 13 Jun 2012 21:29:19 GMT
> Server: Apache/2.2.14 (Ubuntu)
> X-Powered-By: PHP/5.3.2-1ubuntu4.7
> Expires: Thu, 19 Nov 1981 08:52:00 GMT
> Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
> Pragma: no-cache
> Vary: Accept-Encoding
> Content-Length: 4694
> Connection: close
> Content-Type: text/html
>
> [... login page is presented ...]
> Connection closed by foreign host.
> $
>

Totally immaterial.

> This is pure and simple, Auth doesn't like it's own cookies when set
> by another machine. Is it fixable with some hidden setting? That part
> I have not been able to find out, and I suspect the answer is no.
>
> Elijah
> ------
> thinks most web programmers don't know how to think in loadbalanced terms

No, it is obvious you have no idea how a true load balancer (like Google
or Yahoo uses) works. You are trying to gimmick your own, but won't
listen to why it isn't working.

Good luck, stoopid. With that attitude you won't get any help here. We
only try to help those who are willing to learn. You obviously are not.


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Freelance Web deveeloper/designer required
Next Topic: json_decode problem
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Nov 28 04:23:04 GMT 2024

Total time taken to generate the page: 0.04135 seconds