Bizarre perlbal problem
dormando at rydia.net
Fri Nov 18 09:36:45 PST 2005
(sorry, couldn't resist :P)
We got HTTP 1.0 keepalives working (for the most part) late in the day
yesterday. Overnight we witnessed a pretty bad glitch where our users
would randomly get other user's site cookies and become logged in as
It happened in a small percentage of users, but turning off the backend
keepalives seems to have removed the issue. We're still investigating on
our end, but I'm having a hard time even speculating how that happened;
was perlbal sending back responses from clients other than the
requestor? Any insight?
Other things that came to mind:
- It's possible sometimes we return an improper content-length.
- If a client connection closes before reading any data back from its
connection, does perlbal always junk the backend request before reusing it?
I do have a weird routing setup in order to have two perlbal processes
running on the same IP address, but since that's just on the frontend
and only for incoming requests, I can't see how the responses would get
switched... If they were, it'd happen a lot more often than with what we
More information about the perlbal