For whatever reason, be it the seed algorithm or the hashing algorithm or something else that degenerates the randomness - the duplicate session ID problem is very, very common.

I discovered this problem because a few of our users suddenly found themselves with the sessions from administrative accounts. Luckily they alerted us instead of causing mayhem. There were at least three separate occasions of this in the last week - that we heard about. We have also seen this a number of times with other game components - users suddenly finding themselves logged in as other people.

It probably explains the recent post to tomcat-user included below.

Here at my company this problem caused about as much panic as a wildfire breaking out in the machine room (read: LOTS). I humbly suggest raising the level of concern a bit; post a security bulletin, etc.

Jeff Schnitzer
[EMAIL PROTECTED]
The Sims Online

> -----Original Message-----
> From: Michael Molloy [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, January 08, 2003 2:13 PM
> To: Tomcat Users List
> Subject: One other freaky thing
>
> Our application is running on a server in Pennsylvania. A user there
> was working as well as a user in Tennessee. The user in Tennessee got
> an error on a page, hit her back key, and the user in Pennsylvania's
> screen showed up on the Tennessee user's screen. The people in
> Tennessee are connected to the Pennsylvania system via a frame relay.
>
> Everything is contained within each user's session, so this should
> never happen. The application has been under development for a year
> now, and this has never happened before.
>
> Some kind of weird bug that we shouldn't worry about, or something that
> someone else has encountered?
>
> Thanks for any help,
> --Michael Molloy