6 Replies Latest reply on Mar 10, 2011 3:52 PM by DBO

    Facebook mixed session

    DBO

      I have received 4 reports that internal users, while accessing their Facebook page, are suddently show another internal user Facebook page and able to use it to send message.  I have a screen capture from one of the report showing that he was able to access another internal user page.

       

      Seem that sessions are being mixed up.

       

      Anybody seen / hear that?  Any bug report / fixes?

       

       

      We are using McAfee Web Gateway 6.8.6 build 5788.

        • 1. Re: Facebook mixed session
          DBO

          BTW, the screen shot I have show that Firefox was use by the second user who grab the session.

          • 2. Re: Facebook mixed session
            Jon Scholten

            Hi DBO,

             

            That is a very strange sounding issue! The only way I could see this happen is if somehow the clients were strangely NATed before they got to the Web Gateway and it was a connection mishandling issue on the part of the NATing device.

             

            When in doubt get a tcpdump. Never heard that on Web Gateway.

             

            ~Jon

            • 3. Re: Facebook mixed session
              DBO

              No internal NATing, internal clients using IE and FF have been affected.  It seem that only the first page from the Facebook profile was accessible from one of the report I received.  I cannot confirm if both users were active at the same time or if one has just left.

               

              Can there be a caching problem?

              • 4. Re: Facebook mixed session
                dstraube

                DBO wrote:

                 

                ...

                Can there be a caching problem?

                 

                I thought about this, as it would be a logical explanation. However, Facebook always sends No-Cache headers and the URLs usually have parameters in it. In both cases the content would not be cached by MWG. Per Default (if it's allowed by the browser) Facebook uses cookies, another thing that would not be cached.

                 

                I've did a short test with MWG 6.8.7 and nothing from Facebook (except for images) was cached. I even looked into the cache database, to make sure that it's not even written to the cache. If you are not rewriting the headers somewhere in MWG I think we can rule out the cache as a source of the problem.

                • 5. Re: Facebook mixed session
                  DBO

                  No, no rewriting, nothing special and I have now at least 6 users reporting the problem.  I have to upgrade the appliance this week-end.  Will see next week

                  • 6. Re: Facebook mixed session
                    DBO

                    At support request, we add ICAP bypass to facebook.com and still have the same issue.  Talking to support for our external firewall, one analyst report having seen the same issue in another company, not using WebWasher. 

                     

                    Could it be that facebook is having difficulties with multiple sessions coming from the same IP (the external NAT from our firewall)?