Kohana PHP sessions problem under a local network

Question

I have a kohana (php) web site and we have a problem with the sessions when used by computers on a local network under a proxy.

The problem: PC 1 and PC 2 are in the same local network. They use a proxy server to access the external web site. PC 1 access the site with "USER A", he is in the main page now and the site says "Connected with USER A". PC 2 enters the site and access with "USER B", he is in the main page now and the site says "Connected with USER B". PC 1 press F5 to reload the site main page, and the site now says that is logged with "USER B".

The system is installed externally and we have this problem only in this under-proxy network. Access from other PCs also under local networks (but no proxy) don have this problem.

We enabled the "user_token" part in the auth module (it uses a new table named "user_tokens" that uses the browser user agent), but the problem persists.

-- edit -- We are using Kohana 3.0, PHP 5.2.9 and postgres 8.4

Answer 1

Does your proxy support caching? It should NOT cache pages which are different if the client is logged in.

You application may have to set appropriate HTTP headers to tell the proxy that it is not allowed to cache HTTP responses.

If this doesn't fix it, make sure you're not using the client IP address as the Session key. (If you still fancy using the IP, create a whitelist for allowed proxies, then use the HTTP forwarded_for header. It'll only fix the problem for proxies you trust though.)

Answer 2

Can you turn the proxy off temporarily to confirm the issue?

Can you try accessing the site with Firefox and the Firebug extension? This will let you see the exact HTTP response codes and headers that are being sent from the site. Knowing what they are will help us diagnose the problem for you.