NetTalk Central

Author Topic: Session leaks to another connection - or something?  (Read 198 times)

rainerwallenius

  • Jr. Member
  • **
  • Posts: 61
    • View Profile
    • Email
Session leaks to another connection - or something?
« on: March 14, 2019, 03:20:22 AM »
Hi guys.

Never sen this before but this has now happened once and most likely at least another time.
A user enters login-page.
Suddenly user sees a completely other users username and the password is also set.
The users are from completely different organisations and there is no possibility that the username/pw has been used on the computer.

I can not think of anything else than the session has somehow been transferred from one connection to another.

This has caused major concernes in our organsation. Any ideas would be appreciated.

:: rainer

Nettalk 9.18
StringTheory 2.53
Clarion 10


Rene Simons

  • Hero Member
  • *****
  • Posts: 538
    • View Profile
Re: Session leaks to another connection - or something?
« Reply #1 on: March 14, 2019, 04:39:38 AM »
Hi,

Are you using queues in your web-app?

Ren

rainerwallenius

  • Jr. Member
  • **
  • Posts: 61
    • View Profile
    • Email
Re: Session leaks to another connection - or something?
« Reply #2 on: March 14, 2019, 05:07:32 AM »
Hi Ren

No queue,
Login-fields are local variables

Thanks for the idea though.

There are over 20000 logins per month so this is not usual behaviour.

Matthew51

  • Jr. Member
  • **
  • Posts: 90
    • View Profile
    • Email
Re: Session leaks to another connection - or something?
« Reply #3 on: March 15, 2019, 12:38:03 PM »
I've seen this when "Save server state between runs" is enabled, and the server is restarted while users are connected. This was soon after the feature was first introduced, and we haven't had it turned on out side of testing since so it may have been fixed by now. It looked as if all the session data was being given to the wrong session ID when the server started up again. I don't know if this is the same problem you're having or not, just thought I'd toss it out.

rainerwallenius

  • Jr. Member
  • **
  • Posts: 61
    • View Profile
    • Email
Re: Session leaks to another connection - or something?
« Reply #4 on: March 17, 2019, 10:43:21 PM »
Thanks Matthew.

Excellent idea. "Save server state between runs" is off. That is not the solution here.

Still fumbling...

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9566
    • View Profile
Re: Session leaks to another connection - or something?
« Reply #5 on: March 18, 2019, 12:17:11 AM »
What nettalk version are you using?

rainerwallenius

  • Jr. Member
  • **
  • Posts: 61
    • View Profile
    • Email
Re: Session leaks to another connection - or something?
« Reply #6 on: March 18, 2019, 03:07:16 AM »
Hi Bruce

Nettalk 9.18
StringTheory 2.53
Clarion 10

:: rainer

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9566
    • View Profile
Re: Session leaks to another connection - or something?
« Reply #7 on: March 22, 2019, 12:08:18 AM »
>> Nettalk 9.18

Your first plan to should be to update to the current build, and put some sort of update schedule in place.
there are constantly things changing from a security perspective, and so getting this far behind is not good.

cheers
Bruce