[imp] strange session problem

Sat Aug 6 09:35:54 PDT 2005

Hi Julio, hi Jan,

I was indeed able to solve our problem:

The problem is that the write() function from Horde class Secret (Secret.php),
generates a different result on our 2 differnet platforms (x86 Solaris 
and Sparc Solaris). But this is just the case when the function call 
@mcrypt_module_open(MCRYPT_GOST, '', MCRYPT_MODE_ECB, '') returns 
false, because then the Horde_Cipher encrypt() function is used and 
this function seams not to produce the same results on different 
platforms.
Which of course leads to problems when the loadbalancer switches the 
client between machines with different platforms within a single 
session, because decryption of encrypted data doesn't work anymore.

In my case I always thought that mcrypt works, I had compiled it into 
PHP and the Horde test.php script also told me that I have a working 
mcrypt integration.
Unfortunately that wasn't true. So I found that I had to recompile 
libmcrypt (version 2.5.7) with the following configure options:

./configure --disable-posix-threads --enable-dynamic-loading After that 
I recompiled PHP and now the @mcrypt_module_open(MCRYPT_GOST, '', 
MCRYPT_MODE_ECB, '') function call was working properly and the 
encryption with the mcrypt functions leads to the same results on the 
different platforms.

I didn't have time to check why the Horde internal encryption doesn't 
give same results on different platforms. So maybe someone from the 
Horde team could look at this.

I hope that helps....

Didi

Quoting Julio Molina <jcmolina at gmail.com>:

> Didi Rieder <adrieder <at> sbox.tugraz.at> writes:
>
>>
>> Hi,
>>
>> we just recently added 2 new servers to our Horde/IMP farm. The old servers
>> are running
>> under Sparc/Solaris 9 and the new ones under x86/Solaris 10. All theses
>> servers are located behind a Cisco loadbalancer and sessions are stored in
>> a mysql-DB on a separate
>> server. The Horde/IMP installation is the same on all the servers (copied
>> from one to all
>> the others).
>> Now, when a user logs on (IMP is used to authenicate) it gets directed to
>> one of the servers by the loadbalancer. Lets assume it is one of the old
>> server. After clicking a while and reading messages, the loadbalancer
>> directs the request to another server, so far so good. If the request is
>> directed to one of the old (Sparc/Solaris 9) servers everything is fine,
>> but if the request is directed to one of the new (x86/Solaris 10) servers
>> the user gets logged out (imap authenitcation failure).
>> If the first login is done on one of the new server, then everything is
>> fine as long as the requests are directed to one of the new server. It
>> fails again if a switch between an old and a new server is done.
>>
>> Can someone think of a good reason for this behavior? Or can someone
>> suggest a solution
>> for the problem?
>>
>> We could use sticky connections using the session cookie, but then the
>> Horde cookie would have to have an uniq prefix for every server (see:
>> <http://makeashorterlink.com?E1FE2187B>) and I don't know how to do that.
>>
>> Thanks for any hint
>>
>>     Didi
>>
>
> Didi
>
> Have you had any luck solving this issue? I'm having the exact same 
> problem we
> have a Cisco CSM Module and 2 Horde/IMP installations. We are having 
> the problem
> of users getting logged out due the fact that the loadbalancer sends 
> the session
> to a different server. We've tried to configure sticky connections 
> with timers
> of 60 minutes and still we are faced with this problem. Our CSM configuration
> looks as follows:
>
> serverfarm WEBMAIL
>  nat server
>  no nat client
>  real X.X.X.X
>   inservice
>  real X.X.X.X
>   inservice
>  probe WWW
>
> sticky 3 netmask 255.255.255.255 timeout 60
>
> vserver WEBMAIL
>  virtual X.X.X.X tcp www
>  serverfarm WEBMAIL
>  sticky 60 group 3
>  persistent rebalance
>  inservice
>
>
> I would appreciate any information you can share.
>
> --
> IMP mailing list - Join the hunt: http://horde.org/bounties/#imp
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: imp-unsubscribe at lists.horde.org
>

-- 
-------------------------
Didi Rieder
adrieder at sbox.tugraz.at
PGPKey ID: 3431D0B0
-------------------------