Bizarre perlbal problem

Brad Fitzpatrick brad at danga.com
Fri Nov 18 09:55:00 PST 2005


Does your backend's session management assume that for a given
connection, the same user will always be on that connection?  What backend
do you use, btw?

If so, that's your problem, since Perlbal mixes up requests and
connections.  (on purpose... it's a huge optimization)

- Brad


On Fri, 18 Nov 2005, Dormando wrote:

> (sorry, couldn't resist :P)
>
> We got HTTP 1.0 keepalives working (for the most part) late in the day
> yesterday. Overnight we witnessed a pretty bad glitch where our users
> would randomly get other users' site cookies and become logged in as
> someone else.
>
> It happened in a small percentage of users, but turning off the backend
> keepalives seems to have removed the issue. We're still investigating on
> our end, but I'm having a hard time even speculating how that happened;
> was perlbal sending back responses from clients other than the
> requestor? Any insight?
>
> Other things that came to mind:
>   - It's possible sometimes we return an improper content-length.
>   - If a client connection closes before reading any data back from its
> connection, does perlbal always junk the backend request before reusing it?
>
> I do have a weird routing setup in order to have two perlbal processes
> running on the same IP address, but since that's just on the frontend
> and only for incoming requests, I can't see how the responses would get
> switched... If they were, it'd happen a lot more often than with what we
> saw.
>
> Thanks,
> -Alan
>
>
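
The failure mode discussed in this thread, reproduced locally as an added example (not code from the thread or from Perlbal): a backend that caches the authenticated user per connection, next to one that authenticates every request, both reached over a single reused keep-alive connection the way a pooling proxy would reach them. The handler names, cookie values and the use of Python's stdlib HTTP/1.1 persistent connections as a stand-in for HTTP/1.0 keepalives are assumptions.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed session store: Cookie header value -> user.
SESSIONS = {"sid=alice-token": "alice", "sid=bob-token": "bob"}

class ConnKeyed(BaseHTTPRequestHandler):
    """Flawed: one handler instance serves one connection, and identity is cached on it."""
    protocol_version = "HTTP/1.1"  # keep the connection open between requests
    user = None

    def whoami(self):
        if self.user is None:  # only the first request on the connection is authenticated
            self.user = SESSIONS.get(self.headers.get("Cookie"))
        return self.user

    def do_GET(self):
        body = str(self.whoami()).encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass

class RequestKeyed(ConnKeyed):
    """Fixed: identity comes from each request's own cookie, never from the connection."""
    def whoami(self):
        return SESSIONS.get(self.headers.get("Cookie"))

def replies_over_shared_connection(handler, cookies):
    """Send one request per cookie over a single reused backend connection."""
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    conn = http.client.HTTPConnection("127.0.0.1", server.server_port)
    try:
        replies = []
        for cookie in cookies:  # different end users, same backend socket
            conn.request("GET", "/", headers={"Cookie": cookie})
            replies.append(conn.getresponse().read().decode())
        return replies
    finally:
        conn.close()  # lets the handler's keep-alive loop exit
        server.shutdown()
        server.server_close()
```

With the connection-keyed handler the second user receives the first user's identity; the request-keyed handler is unaffected by connection reuse.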

