In case you’ve installed Varnish but not Pressflow (for Drupal 6), following scenario may happen:

  1. User A logs is, gets sessionid A
  2. User A changes something and loads a new page
  3. While loading the new page, a js or css-file is being downloaded from Varnish (example: /sites/default/files/js/js_79eb17289b3a88ec931b6f4bdb728282.js)
  4. The next file that is being downloaded is a jpg. This file doesn’t come from the Varnish cache and gives a new sessionid to the user (sessionid B)
  5. The requested page is being served correctly because it was requested with sessionid A. The user is unaware that he has a new sessionid because it happened during the loading of the page elements.
  6. The user clicks on another page and sends a new request with sessionid B.
  7. Drupal checks sessionid B and sees that it the session belongs to an anonymous user. Result: the user gets an “Access Denied” and is logged out.

Solution: install Pressflow. It will stop giving sessionids to the client.

(this post only applies if you have installed Varnish)


Rss Comments

Comments

No comments yet.

Leave a comment






Wordpress.org clearPaper by CreativeBits.it Copyright © 2012-2019 Robin Brackez. All rights reserved. By visiting this site you agree to accept cookies that are purely used to check how many visitors I have. Theme by: creativebits. Custom adaptations by Robin Brackez.