Mark Drago wrote:
> On Wed, 2005-10-26 at 20:27 +0200, Christoph Haas wrote:
>> On Wednesday 26 October 2005 20:11, Mark Drago wrote:
>> > The site is http://webmail.ne.rr.com - it's the webmail for the
>> > RoadRunner ISP that one of our customers is using. Our customer gave
>> > us a username and password to help diagnose the problem, but obviously
>> > and
>> > unfortunately I can't pass it on. I can get to the login screen
>> > without a problem, but when I try logging in I get an alert box that
>> > reads: 'Session timed out. Log in again' and it then redirects me back
>> > to the login screen.
>>
>> Sound suspiciously like cookie-based session handling in connection with
>> additional security measures like checking your source IP address. Do you
>> run more than one proxy or distribute requests to different parent
>> proxies in a round-robin fashion? If the peer checks your IP address you
>> will change your source IP address time and again and some authentication
>> systems don't like that.
>
> Yeah I hear what you're saying. However, we're not doing anything like
> that. This proxy is installed at the head of a school's network and all
> of their traffic goes through the proxy. There is only one proxy - it's
> really rather simple. I'm not even quite sure how RoadRunner would be
> able to tell that the connection is going through a proxy. Since the
> error is a javascript alert I would really like to look at the
> javascript that they're sending back.
You could try using a packet sniffer, such as ethereal.
Adam
Received on Fri Oct 28 2005 - 22:10:27 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Nov 01 2005 - 12:00:05 MST