| Re: PEAR Auth package woes [message #178400 is a reply to message #178399] |
Thu, 14 June 2012 00:58   |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
|
Senior Member |
|
|
On 6/13/2012 5:51 PM, Eli the Bearded wrote:
> In comp.lang.php, J.O. Aho<user(at)example(dot)net> wrote:
>> I haven't used the PEAR Auth package, but the problem is your cookies,
>> as each has their own subdomain, which makes machine A can't read
>> machine B's cookie, and machines from Colo1 can't read cookies from Colo2.
>
> Bullshit. Each has their own subdomain when viewed from the inside
> interface, but not when reached through the load balancer.
>
Bullshit. The programmers here know how load balancers work. You have
very obviously shown YOU DO NOT.
> I can telnet to machine A, get a cookie, then telnet to machine A and
> have teh cookie accepted or telnet to machine B and have the cookie
> rejected. There is no "can't read cookies" entering into this.
>
telnet is NOT a browser!!
> $ telnet web-3 80
> POST /monitoring.php HTTP/1.0
> Host: OBSCURED
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 40
>
> username=OBSCURED&password=OBSCURED
> HTTP/1.1 200 OK
> Date: Wed, 13 Jun 2012 21:27:41 GMT
> Server: Apache/2.2.14 (Ubuntu)
> X-Powered-By: PHP/5.3.2-1ubuntu4.7
> Set-Cookie: PHPSESSID=fbp8hencd7pqat7kma9tbn3ek3; path=/
> Expires: Thu, 19 Nov 1981 08:52:00 GMT
> Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
> Pragma: no-cache
> Set-Cookie: PHPSESSID=r8gv0iggn0km0igms00mc785k4; path=/
> Set-Cookie: authchallenge=e09d912dca24f955c5dc5abcf6e6809e; path=/
> Vary: Accept-Encoding
> Content-Length: 260
> Connection: close
> Content-Type: text/html
>
> [...]
> GOOD: All Worked
> Connection closed by foreign host.
> $
>
Totally immaterial.
> See the double Set-Cookie: PHPSESSID=(foo) there? That's quirky,
> but if you play "last seen wins" then the cookies are usable, on
> the same host:
>
> $ telnet web-3 80
> GET /monitoring.php HTTP/1.0
> Host: OBSCURED
> Cookie: PHPSESSID=r8gv0iggn0km0igms00mc785k4; authchallenge=e09d912dca24f955c5dc5abcf6e6809e
>
> HTTP/1.1 200 OK
> Date: Wed, 13 Jun 2012 21:28:36 GMT
> Server: Apache/2.2.14 (Ubuntu)
> X-Powered-By: PHP/5.3.2-1ubuntu4.7
> Expires: Thu, 19 Nov 1981 08:52:00 GMT
> Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
> Pragma: no-cache
> Vary: Accept-Encoding
> Content-Length: 260
> Connection: close
> Content-Type: text/html
>
> [...]
> GOOD: All Worked
> Connection closed by foreign host.
> $
>
> Now try that cookie on another machine:
>
> $ telnet web-4 80
> GET /monitoring.php HTTP/1.0
> Host: OBSCURED
> Cookie: PHPSESSID=r8gv0iggn0km0igms00mc785k4; authchallenge=e09d912dca24f955c5dc5abcf6e6809e
>
> HTTP/1.1 200 OK
> Date: Wed, 13 Jun 2012 21:29:19 GMT
> Server: Apache/2.2.14 (Ubuntu)
> X-Powered-By: PHP/5.3.2-1ubuntu4.7
> Expires: Thu, 19 Nov 1981 08:52:00 GMT
> Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
> Pragma: no-cache
> Vary: Accept-Encoding
> Content-Length: 4694
> Connection: close
> Content-Type: text/html
>
> [... login page is presented ...]
> Connection closed by foreign host.
> $
>
Totally immaterial.
> This is pure and simple, Auth doesn't like it's own cookies when set
> by another machine. Is it fixable with some hidden setting? That part
> I have not been able to find out, and I suspect the answer is no.
>
> Elijah
> ------
> thinks most web programmers don't know how to think in loadbalanced terms
No, it is obvious you have no idea how a true load balancer (like Google
or Yahoo uses) works. You are trying to gimmick your own, but won't
listen to why it isn't working.
Good luck, stoopid. With that attitude you won't get any help here. We
only try to help those who are willing to learn. You obviously are not.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]