Hello Mailinglist,

I have the following problem:
Users get while working in the mail webclient another users session!

We had like 4 or 5 incidents in the last few month (so, the rate is very low, but could be higher as it is possible that not everyone reports these kinds of incidents and after you close and reopen your browser all is normal anyway).

The Zimbra solution is in place from January until know, the incidents first appeard (or where first reported) 3 or 4 month ago, we checked and could not find anything which could possible correlate to this problem in this timeframe (e.g. installations of other proxy, upgrades, etc.)


I have at least a more detailed report from one User:

The User has several emails in his Inbox.
He clicks on one of them, then an error messages appears.
-> It did not look like a windows error message
-> The User did not remember what the message said (philosophical issue)
-> There was a link in this errormessage which the user clicked
Then he was suddenly in the Inbox of another user.

The User called the internal IT department which tried to investigate
-> After browser stop and start everything worked, so no possible cookie stuff problem
-> The wrongly displayed Users never was connected on this machine
-> A basic log file analysis on the proxy and mail server reveiled not much

Server Setup:

All Users connect directly to the Proxy Server
-> apache on x86_64 bit linux, redhat enterprise linux server 5.3 tikanga
-> The system is prepared to do loadbalancing between the zimbra's, but currently only one zimbra is in production
-> Serves as a proxy for other systems as well, partly configured as:

Proxy modules
LoadModule proxy_module /etc/httpd/modules/mod_proxy.so
LoadModule proxy_connect_module /etc/httpd/modules/mod_proxy_connect.so
LoadModule proxy_ftp_module /etc/httpd/modules/mod_proxy_ftp.so
LoadModule proxy_http_module /etc/httpd/modules/mod_proxy_http.so
LoadModule proxy_ajp_module /etc/httpd/modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module /etc/httpd/modules/mod_proxy_balancer.so

Zimbra configuration in Apache:
<VirtualHost *:80>
ServerAdmin sistema@DOMAIN.net
ServerName webmail.DOMAIN.net
ServerAlias correu.DOMAIN.net

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://webmail.DOMAIN.net
</VirtualHost>

<VirtualHost *:443>
ServerAdmin sistema@DOMAIN.net
ServerName webmail.DOMAIN.net
ServerAlias correu.DOMAIN.net
SSLProxyEngine On
ErrorLog /var/log/httpd/defecte-error_log
CustomLog /var/log/httpd/defecte-access_log combined

<IfModule mod_ssl.c>
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/wildcard.DOMAIN.net.crt
SSLCertificateKeyFile /etc/httpd/ssl/wildcard.DOMAIN.net.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</IfModule>

ProxyPass / http://ZIMBRA-IP1/
ProxyPassReverse / http://ZIMBRA-IP1/
</VirtualHost>

I do not see anything special in the setup, but I as well am new to zimbra, is there another/better way to proxy?
Where could the problem otherwise be originiated?
Better use ajp for proxying?

Thanks for your time and help
best
Ray