Users are still getting switched around.

The problem was with our cookies and images:

1) user requests http://rhn.redhat.com/rhn/help/reference/rhn405/en/stylesheet-images/tip.png

   we send back the image and the headers:

   Set-Cookie: rh_auth_token=4483454:1141758581x7ab3843112841343b95825029e2e214b; Domain=.redhat.com; Expires=Tue, 07-Mar-2006 20:09:41 GMT; Path=/
   Set-Cookie: pxt-session-cookie=2507456287x371ef042b7ba65eb81782069dfe79d28; Domain=rhn.webqa.redhat.com; Expires=Tue, 07-Mar-2006 20:09:41 GMT; Path=/; Secure

2) our apache proxy that sits in front of the java/tomcat box sez: "Hey, this is an image, let's cache it!". So it caches the image, but also caches the headers from step 1.

3) another user requests: http://rhn.redhat.com/rhn/help/reference/rhn405/en/stylesheet-images/tip.png

   they were logged in as themselves, but suddenly they are logged in as user from step 1. This is because the proxy layer said: "hey, I have this in my cache, let's give it back to the user" but not only did they get the image, they also got the cookies from user1. Switcharoo.

The reason we didn't see this until 405 was the docs weren't being served from tomcat until 405 was released and all the other images that RHN uses are served from apache and don't have this issue.

Bryan Kearney wrote:
> Ok.. can you explain for the dumb folks in the room.
>
> -- bk
>
>
> Mike McCune wrote:
>
>> we solved the problem. Here was our eureka moment (I'm probably hexing us by sharing this):
>>
>> on rhnphy.back-webdev:
>>
>> (12:18:57) mmccune: /var/cache/httpd/D/e/V
>> (12:19:03) mmccune: # ls -al
>> (12:19:04) mmccune: total 12
>> (12:19:04) mmccune: drwx------ 2 apache apache 4096 Mar 7 15:16 .
>> (12:19:04) mmccune: drwx------ 3 apache apache 4096 Mar 7 15:09 ..
>> (12:19:04) mmccune: -rw------- 1 apache apache 3585 Mar 7 15:16 YGANJ7o2fUXGPZaMZeg
>> (12:19:04) mmccune: [root@rhnphy V]#
>> (12:19:19) mmccune: [root@rhnphy V]# more YGANJ7o2fUXGPZaMZeg
>> (12:19:19) mmccune: 00000000440DEA39 0000000043FF27C9 000000003D2527D0 0000000000000003 00000000440DEA39 00000000440DEA39 00000000000007A2
>> (12:19:19) mmccune: X-URL: http://rlx-2-10.rhndev.redhat.com/rhn/help/reference/rhn405/en/stylesheet-images/tip.png
>> (12:19:19) mmccune: Accept: image/png,*/*;q=0.5
>> (12:19:19) mmccune: Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>> (12:19:19) mmccune: Accept-Encoding: gzip,deflate
>> (12:19:19) mmccune: Accept-Language: en-us,en;q=0.5
>> (12:19:19) mmccune: Connection: keep-alive
>> (12:19:19) mmccune: Cookie: JSESSIONID=0CC9BE562F5EDCE609FDA1FE9E60807E; rh_auth_token=0:1141762166x753cc1aad1b272d0df0f26f82c924d21; pxt-session-cookie=2343597690x38cb985ea49cbc660826794d25f2d3c9; s_vi=[CS]v1|4403566C00003D08-A160B080000002D[CE]; s_cc=true; s_sq=%5B%5BB%5D%5D
>> (12:19:19) mmccune: Host: rhn.webdev.redhat.com
>> (12:19:19) mmccune: Keep-Alive: 300
>> (12:19:26) mmccune: neato!
>> (12:20:25) mmccune: <VirtualHost rhn.webdev.redhat.com:443>
>> (12:20:25) mmccune: ...
>> (12:20:30) mmccune: CacheRoot /var/cache/httpd
>> (12:20:30) mmccune: CacheSize 2560000
>> (12:20:30) mmccune: CacheMaxExpire 6
>> (12:20:30) mmccune: </VirtualHost>
>> (12:24:07) mmccune: HEAD -e https://rhn.webqa.redhat.com/rhn/help/reference/rhn405/en/figs/software-manager/icon_management.png |grep Cookie
>> (12:24:07) mmccune: Set-Cookie: rh_auth_token=4483454:1141758581x7ab3843112841343b95825029e2e214b; Domain=.redhat.com; Expires=Tue, 07-Mar-2006 20:09:41 GMT; Path=/
>> (12:24:07) mmccune: Set-Cookie: pxt-session-cookie=2507456287x371ef042b7ba65eb81782069dfe79d28; Domain=rhn.webqa.redhat.com; Expires=Tue, 07-Mar-2006 20:09:41 GMT; Path=/; Secure
>> (12:24:27) mmccune: HEAD -e https://rhn.webdev.redhat.com/img/logo_header_network.gif |grep Cookie
>> (12:24:27) mmccune: [mmccune@cascade ~]$
>>
>> don't set headers/cookies on img files.
>>
>

--
Mike McCune
mmccune
Engineering Team Lead | Portland, OR
Red Hat Network | 650.567.9039x79248
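
The caching behaviour described in the message above, modelled as an added example (not code from this thread or from RHN): a toy proxy that stores static responses with every origin header, next to one that drops Set-Cookie from the stored copy. The class names, URL and cookie values are constructed for illustration.

```python
from dataclasses import dataclass

CACHEABLE_EXT = (".png", ".gif", ".css")   # what the toy proxy treats as static
PER_USER_HEADERS = {"set-cookie"}          # must never live in a shared cache entry

@dataclass
class Response:
    body: bytes
    headers: list  # (name, value) pairs

def origin(url, user):
    """Constructed backend: sets a session cookie on every response, images included."""
    return Response(b"\x89PNG", [("Content-Type", "image/png"),
                                 ("Set-Cookie", f"session={user}-token; Path=/")])

class NaiveProxy:
    """Caches static URLs together with every header the origin sent."""
    def __init__(self):
        self.store = {}

    def to_store(self, resp):
        return resp

    def fetch(self, url, user):
        if url in self.store:              # cache hit: the origin is never consulted
            return self.store[url]
        resp = origin(url, user)
        if url.endswith(CACHEABLE_EXT):
            self.store[url] = self.to_store(resp)
        return resp

class HardenedProxy(NaiveProxy):
    """Same cache, but per-user headers are dropped from the stored copy."""
    def to_store(self, resp):
        kept = [(k, v) for k, v in resp.headers if k.lower() not in PER_USER_HEADERS]
        return Response(resp.body, kept)

def cookies_received(proxy, url, users):
    """Return the Set-Cookie values each user gets back, in request order."""
    out = []
    for user in users:
        resp = proxy.fetch(url, user)
        out.append([v for k, v in resp.headers if k.lower() == "set-cookie"])
    return out

URL = "https://app.example/docs/tip.png"   # constructed URL
print(cookies_received(NaiveProxy(), URL, ["user1", "user2"]))
print(cookies_received(HardenedProxy(), URL, ["user1", "user2"]))
```

With the naive proxy the second user is handed the first user's session cookie on the cache hit; with the hardened one the cached image comes back with no cookie at all.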
TEST PLAN
----------
1) login to rhn from 2 different machines or 2 different browsers, i.e. firefox and konqueror (2 machines is easier), as 2 different users, i.e. commandcenter & jesusr_redhat
2) Browse to help
   Help -> Reference Guide -> Red Hat Network 4.0.5 Reference Guide -> English -> 3. Red Hat Network Daemon
   (do the above for both browsers)
3) now from the commandcenter user, click next '>' a few times
4) now from the jesusr_redhat user do the same

After 2 or 3 clicks you WOULD'VE become commandcenter. With this fix you will NOT become commandcenter; you remain yourself.
this works in webqa
verified in prod