Edgewall Software

Opened 16 years ago

Closed 16 years ago

#7321 closed defect (invalid)

IntegrityError and login as somebody else

Reported by: mehmet@…
Owned by: Jonas Borgström
Priority: highest
Milestone:
Component: general
Version: 0.11rc2
Severity: critical
Keywords: urandom
Cc:
Branch:
Release Notes:
API Changes:
Internal Changes:

Description

Sometimes, when trying to log in, we get an error similar to the message below:

IntegrityError: (1062, "Duplicate entry '19c3c13591ddaf8cfba741a3923d8600-88.250.85.216-mehmet' for key 1")

Also there are times when all of a sudden I realize that I am logged in as a colleague of mine. I try to log out and log back in as myself and get the above message or if I am successful this time my colleague switches to my username.

Trying to login while somebody else is logged in always produces this problem. We tried it with and without AccountManagerPlugin. Looking at auth_cookie table, every logged in user has the same cookie value. Tried the sha patch mentioned in #2570 and that didn't fix, just changed the format of cookie values in auth_cookie table.

Thought might be related to how users are all coming from the same ip and using NAT, so I tried from different locations and problem remains.

Was using 0.11r1 and upgraded to 0.11r2 and no change.

Python 2.5.2 Apache 2.2.3 MySql 5.0.22 CentOS 5

Python 2.5.2 is installed as a separate install under /usr/local/. This must be related to issues mentioned in #2570 but cannot figure out.

Attachments (0)

Change History (6)

comment:1 by mehmet@…, 16 years ago

For a temporary fix changed line 260 on trac/util/__init__.py

  • return sha.new(str(random.random())).hexdigest()[:bytes]

+ return sha.new(str(time.time())).hexdigest()[:bytes]

It works now. Curious to see comments?

comment:2 by mehmet@…, 16 years ago

For a temporary fix changed line 260 on trac/util/__init__.py

- return sha.new(str(random.random())).hexdigest()[:bytes] 
+ return sha.new(str(time.time())).hexdigest()[:bytes]
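Review bot: the `+` line derives the value from `time.time()` alone, so the auth cookie becomes a hash of the login time. Two logins that read the same clock value still get the same cookie (the same duplicate-key error), and the value is guessable from the approximate login time. `random.random()` returning repeats points at how the generator is seeded rather than at this line, so I would keep the `-` line, find out why the seed repeats, and longer term take the bytes from `os.urandom()` and hex-encode them instead of hashing a float.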

It works now. Curious to see comments?

comment:3 by Christopher Lenz, 16 years ago

It looks like random() is returning duplicate values here, which seems unlikely.

Please add some debug output to the hex_entropy function so we can see where it's going wrong:

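def hex_entropy(bytes=32):
    import sha
    import random
    import sys  # needed for the stderr debug output below
    rval = str(random.random())
    digest = sha.new(rval).hexdigest()
    # Debug: log the raw random value and its digest on every call
    print>>sys.stderr, "Random: %r, Digest: %r" % (rval, digest)
    return digest[:bytes]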

If you're using mod_python or mod_wsgi this should show up in your Apache error log whenever someone logs in.

comment:4 by mehmet@…, 16 years ago

Seems like random is broken. Getting the below values for everybody.

Random: '0.68964745653', Digest: '2c4c0fb938617dae1a318f5d5a2564633e3670cc'

Tried to execute your debug code multiple times on command line and every time we are getting values in the following order.

Random: '0.68964745653', Digest: '2c4c0fb938617dae1a318f5d5a2564633e3670cc'
Random: '0.48830073413', Digest: 'c8e405adcbc0051933a97825a94a164fe4359c7d'
Random: '0.263957988265', Digest: '55ac47740591c6c002ec2213d8ebd7acbdd9f985'
….

comment:5 by mehmet@…, 16 years ago

OK. Looks like /dev/urandom was broken on this machine. Removed it and executed MAKEDEV urandom and that seems to have fixed it.
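Added example, not part of the ticket or of Trac's code: a startup check for the failure found in comment:5, with a token generator that refuses to issue cookies when the check fails. It assumes the broken /dev/urandom was a regular file or otherwise returned the same bytes on every open (the ticket does not say how it was broken); the function names are hypothetical and the code is Python 3.

```python
import binascii
import os
import stat
import tempfile


def urandom_problems(path="/dev/urandom", sample=16):
    """Return a list of reasons the random device looks broken (empty = OK)."""
    try:
        mode = os.stat(path).st_mode
    except OSError as exc:
        return ["cannot stat %s: %s" % (path, exc)]
    problems = []
    if not stat.S_ISCHR(mode):
        problems.append("%s is not a character device" % path)
    # Open the path twice: a regular file sitting where the device should be
    # returns the same leading bytes on every open, so every process that
    # seeds from it starts with the same "random" sequence.
    reads = []
    for _ in range(2):
        with open(path, "rb") as dev:
            reads.append(dev.read(sample))
    if len(reads[0]) < sample:
        problems.append("short read from %s" % path)
    elif reads[0] == reads[1]:
        problems.append("%s returned identical bytes on two opens" % path)
    return problems


def new_auth_token(nbytes=16, path="/dev/urandom"):
    """Hex token from the OS CSPRNG; refuse to issue one if the source is bad."""
    problems = urandom_problems(path)
    if problems:
        raise RuntimeError("refusing to issue token: " + "; ".join(problems))
    return binascii.hexlify(os.urandom(nbytes)).decode("ascii")


def demo_broken_device():
    """Constructed stand-in for a broken node: a regular file of fixed bytes."""
    with tempfile.NamedTemporaryFile(delete=False) as fake:
        fake.write(b"\x00" * 64)
    try:
        return urandom_problems(fake.name)
    finally:
        os.unlink(fake.name)
```

Running `urandom_problems()` once at service start and logging a non-empty result surfaces this condition before users start sharing an auth cookie.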

comment:6 by Christopher Lenz, 16 years ago

Keywords: urandom added
Resolution: invalid
Status: new → closed

Cool, thanks for tracking this down! I'll close this as invalid then.
