Home » Blogs » David Goodwin's blog

Drupal and Suhosin

Submitted by David Goodwin on Mon, 07/01/2008 - 11:24.

Just a quick note (and thanks to Tom for phoning me over this) - sorry if you've only been able to see garbage when viewing this site.

I believe the problem is down to me using Suhosin's ability to encrypt cookies and session data, combined with Drupal's caching system.

So, if you decide to enable 'suhosin.session.encrypt' or 'suhosin.cookie.encrypt' beware - you'll probably need to do the following too :

  • Delete everything from the 'sessions' table of drupal
  • Delete everything from the various cache tables of drupal (cache_page, cache_filter, cache_menu, cache_content)

Then, hopefully everything will be alright, and work correctly :)

Otherwise, random visitors will see worringy content that looks almost as if you're transmitting binary files to them, or are sending a HTTPS style response back to them over HTTP.

Technorati Tags:
»

hmm... or not

Submitted by David Goodwin on Tue, 08/01/2008 - 22:17.

After doing the above, I still had reports that the pages appeared weird/encrypted/rubbish....

So, somehow, Drupal is filling it's cache with crap.

Turning off the site's caching fixed the problem, but isn't totally ideal.

»

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is used to make sure you are a human visitor and to prevent spam submissions.
2 + 2 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.