[ic] Unauthorized for that session

Dan Bergan dan at berganconsulting.com
Sat Mar 2 21:10:51 UTC 2013

On Sat, Mar 2, 2013 at 1:12 PM, Grant <emailgrant at gmail.com> wrote:
> Do you ignore these entries in the global error.log?  Looking over my
> log, this message is logged for all types of strange requests.  Lately
> I'm getting a fair number of requests like this:
> http://www.example.com/page.html?id='A=string
> "page" changes but is always a valid page.  "string" is 9 characters
> long and doesn't change.
> Is there anything to watch out for with this?

I'm seeing this as well, but I'm getting this error:
Malformed session identifier: 'A=0gkd9LaF3QhmE

I'm seeing the same string from multiple ip addresses.  And then later,
I'll see a different string start coming in from multiple ip addresses.
28-Feb: 'A=0gkd9LaF3QhmE
01-Mar: 'A=0XmLmm3PwDpRw
02-Mar: 'A=0XmLmm3PwDpRw

(the first time I saw the error was on Feb. 28.)

I'm seeing another error as well (this one started earlier, and it is also
 Malformed session identifier: CmKVrLodHYgb"'

The string will change, but it always ends in a double quote followed by a
single quote.

My first thought was that it might be related to this:

But, I really have no idea what they are trying to do, but it does seem

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.icdevgroup.org/pipermail/interchange-users/attachments/20130302/578ce80a/attachment.html>

More information about the interchange-users mailing list