Kohana PHP session problem on a local network
I have a kohana (php) web site and we have a problem with the sessions when used by computers on a local network under a proxy.
The problem: PC 1 and PC 2 are in the same local network. They use a proxy server to access the external web site. PC 1 accesses the site with "USER A", he is in the main page now and the site says "Connected with USER A". PC 2 enters the site and accesses it with "USER B", he is in the main page now and the site says "Connected with USER B". PC 1 presses F5 to reload the site main page, and the site now says that it is logged in with "USER B".
The system is installed externally and we have this problem only in this under-proxy network. Accesses from other PCs also under local networks (but no proxy) don't have this problem.
We enabled the "user_token" part in the auth module (it uses a new table named "user_tokens" that uses the browser user agent), but the problem persists.
-- edit -- We are using Kohana 3.0, PHP 5.2.9 and postgres 8.4
Does your proxy support caching? It should NOT cache pages which are different if the client is logged in.
Your application may have to set appropriate HTTP headers to tell the proxy that it is not allowed to cache HTTP responses.
If this doesn't fix it, make sure you're not using the client IP address as the Session key. (If you still fancy using the IP, create a whitelist for allowed proxies, then use the HTTP forwarded_for header. It'll only fix the problem for proxies you trust though.)
Can you turn the proxy off temporarily to confirm the issue?
Can you try accessing the site with Firefox and the Firebug extension? This will let you see the exact HTTP response codes and headers that are being sent from the site. Knowing what they are will help us diagnose the problem for you.
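As an added example (not part of the answers above and not Kohana code), this sketch shows headers that forbid a proxy from storing per-user pages, plus a simplified check you can run on the headers seen in Firebug. All function names are hypothetical, the sample responses are constructed, and the syntax is kept compatible with PHP 5.2.

```php
<?php
// Added example; function names are hypothetical, not Kohana API.
// Headers for any response whose body depends on the logged-in user.
function private_page_headers()
{
    return array(
        'Cache-Control' => 'private, no-store, no-cache, must-revalidate',
        'Pragma'        => 'no-cache', // understood by HTTP/1.0 proxies
        'Expires'       => '0',        // invalid date, treated as already expired
    );
}

// Call before any output is sent.
function send_private_page_headers()
{
    foreach (private_page_headers() as $name => $value) {
        header($name . ': ' . $value);
    }
}

// Simplified check of Cache-Control only. 'forbidden': a shared cache must not store it;
// 'revalidate': it must ask the origin before reuse; 'allowed': the proxy may serve it to anyone.
function shared_cache_verdict($headers)
{
    $directives = array();
    foreach ($headers as $name => $value) {
        if (strtolower($name) === 'cache-control') {
            foreach (explode(',', strtolower($value)) as $item) {
                $parts = explode('=', trim($item), 2); // drop "=value" arguments
                $directives[$parts[0]] = true;
            }
        }
    }
    if (isset($directives['private']) || isset($directives['no-store'])) {
        return 'forbidden';
    }
    return isset($directives['no-cache']) ? 'revalidate' : 'allowed';
}

// Constructed sample responses, as they might be copied from Firebug's Net panel.
$samples = array(
    'no cache headers' => array('Content-Type' => 'text/html'),
    'public, max-age'  => array('Cache-Control' => 'public, max-age=600'),
    'hardened'         => private_page_headers(),
);
foreach ($samples as $label => $headers) {
    echo $label . ': ' . shared_cache_verdict($headers) . "\n";
}
```

A verdict of 'allowed' on the logged-in main page would be consistent with the symptom in the question, where one user's page is served to another user behind the same proxy.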