Hello, Yesterday morning our ISP upgraded our debian server to Apache/1.3.33 and mod_perl/1.29. Yesterday evening we got a report of a visitor who claimed to have seen another visitor's data. Inspecting the access log indeed shows that this visitor had clicked on hyperlinks that he should not have been able to see, and might have captured another user's session this way.
Our website gets hundreds of hits per minute on busy times and has been happily running mod_perl for about 4 years now, without any problem, so I suspect it has something to do with the upgrade earlier that day. Could there be a problem that the output buffer of a previous request is not flushed completely (due to a broken connection perhaps), so that part of the output gets sent to the next client of the same process? Any other ideas where to look? Any help is appreciated! Thanks, Joost
