Re: Sv: [phplib] occasional problem with authentication From: darcy w. christ (darcy <email protected>)
Date: 05/04/01

well, it's good to hear that someone is having the same problem. Maybe
we can actually work this one out. i think Klaus's suggestion is a good
place to start. i'm going to try to setup some debugging code for the
ac_store function. i think the only we can try to do is replicate the
problem. Until we can do that, we probably won't be able to resolve
this.

Philip Strnad wrote:
>
> Darcy,
>
> I've been having the exact same problem as you for months.
> Unfortunately, I've never been able to gather enough concrete evidence
> to bring it up on the list because it is, as you said, so random. The
> symptoms seem totally random and it's been bugging the hell out of me.
>
> While I was trying to figure out the problem I tried numerous things,
> one of which was upgrading to 7.2c (from an earlier 7.2 version). I
> think I'm still running on 7.2c, but I'm not 100% sure. Anyway, one of
> the things I did while trying to get to the bottom of this mystery is to
> log ALL login attempts by users. I log the username they enter, the
> password, their IP address, browser, and more importantly, what is
> returned by auth_validatelogin() and whether or not the
> username/password they enter actually matches the one we have in the
> database. The interesting thing is that many times a user is not able
> to login, even though he/she enters the correct username/password. I
> get complaints about this every now and then. When this happens,
> auth_validatelogin() ends up returning 'false'. But why?
>
> A few things I've noticed from looking at the logs I've been keeping:
>
> - the problem has nothing to do with the OS or the browser
> - the problem has nothing to do with the time of day
>
> > debug in db_mysql.inc. What that did was show 3 debug lines. One
> > updating the session, one selecting the session and one inserting
> > another session.
>
> This is indeed strange, and I've noticed similar oddities. For example,
> a user tried to login in at 09:46:24 on 1/3/01, and everything worked
> fine. The next three entries in the log show login attempts for the
> same exact user at the following times: 09:46:33 on 1/3/01 and 09:46:42
> on 1/3/01. Why would a user login to the site three times within 18
> seconds? I don't think anybody would actually do this, and I have
> similar log entries to prove it. What this means is that
> auth_validatelogin() is being called numerous times for some reason, and
> perhaps it's related to what you saw in db_mysql.inc.
>
> Btw, this has nothing to do with adding 'again=yes' in the query
> string. I use this on another site and it causes no problems. The
> whole thing is much more obscure.
>
> Let me know what you think based on what I mentioned above. I hope we
> can get to the bottom of this and then get a fix into the main codeline.
>
> Philip
>
> PS. Have you ever been able to reproduce the problem on your own? I
> have never been able to do this, which makes it that much harder to
> debug. 

-- 
~darcy w. christ
Elegant Communications Inc.
416.362.9772 x222 | 416.362.8324 fax

---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>