Re^3: Perl/Cookie and data transmission

It sounds to me like it could very likely be their network if only computers from inside their network (and more than one of them) are having the problem. Especially if the login works from other locations.

As for what exactly could be the problem, here are a couple guesses..

Maybe your client in question is running through a proxy that doesn't want to update or pass through his cookies properly.

Maybe his browser at work has higher security settings than the machine you tested his login on elsewhere, or the settings are triggered differently based on where you login from -- for example, if you login from the same subnet as the server, perhaps that loosens restrictions.

I can't really think of many other network-related settings. Get some debug info on the server side to help narrow down the issue: make scripts that will just dump their args and cookies back to the browser and you can see exactly what is being updated and when.

Hope that helps.

- P

Comment on Re^3: Perl/Cookie and data transmission

Replies are listed 'Best First'.
Re^4: Perl/Cookie and data transmission by Sylvyr (Initiate) on Jun 06, 2005 at 18:52 UTC
UPDATE: Thanks for your help. I switched the system around a little and instead of storing the session ID in a cookie, I'm passing it through the URL in stead. Access wise, everything is working fine. I was wondering if anyone had any tips on beefing up the security. I know having the SID in plain sight isn't the safest thing in the world, but I've also taken a few minor steps in keeping it secure. The creation of my SID is a very reliable, random, process. So I think I've done well there. I'm also checking the user's IP against the person who originally logged in. (I know this can be troublesome with proxies and what not, and I also know it's possible to spoof an IP rather easily in a browser.) So with that said... Any security suggestions would be great.	[reply]

Replies are listed 'Best First'.

Re^4: Perl/Cookie and data transmission
by Sylvyr (Initiate) on Jun 06, 2005 at 18:52 UTC

Thanks for your help.

I switched the system around a little and instead of storing the session ID in a cookie, I'm passing it through the URL in stead. Access wise, everything is working fine.

I was wondering if anyone had any tips on beefing up the security. I know having the SID in plain sight isn't the safest thing in the world, but I've also taken a few minor steps in keeping it secure.

The creation of my SID is a very reliable, random, process. So I think I've done well there. I'm also checking the user's IP against the person who originally logged in. (I know this can be troublesome with proxies and what not, and I also know it's possible to spoof an IP rather easily in a browser.)

So with that said... Any security suggestions would be great.

[reply]