[Tickets #1801] first time imp authentication error with hordeauth

bugs@bugs.horde.org bugs at bugs.horde.org
Wed May 4 04:56:13 PDT 2005


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/?id=1801
-----------------------------------------------------------------------
 Ticket             | 1801
 Updated By         | kevin_myer at iu13.org
 Summary            | first time imp authentication error with hordeauth
 Queue              | Horde Base
 Version            | 3.0.4
 State              | Assigned
 Priority           | 2. Medium
 Type               | Bug
 Owners             | Horde Developers
-----------------------------------------------------------------------


kevin_myer at iu13.org (2005-05-04 04:56) wrote:

Here's some additional information I've found with this:

For us, its either a first-time or second-time authentication error with
IMP.  One install, with IMP setup as the initial application, displays my
INBOX the first time, but I get an authentication error when I click on a
message to read it.  Another install immediately throws me into a redirect
loop.

If I stop the redirect loop, and have a mail summary block in my portal
view, I'm able to login successfully in the second looping scenario.

I've captured some packets in the first scenario, which seems to be
reproducible for the first login attempt, per browser session (i.e. if I
quit the browser and restart it, the first attempt to access a message after
logging in will fail.  If I just logout and back in, I don't have the
problem).  The username and password that is being passed on the failed
login is:  kevin_myer {8}.

We're using IU13 for $conf['session']['name'].

For a failed login, the value of the cookie set for IU13 == the value set
for imp_key, and auth_key is different (this seems to be true for all failed
logins).  Sometimes for a successful login, IU13 != auth_key != imp_key. 
But sometimes, I think auth_key == imp_key too.

imp_key remains the same, even after a logout.

Should the cookie values be getting cleared after a successful logout or
only after the browser is closed?

Going to see if I can figure out what different code path the mail summary
block takes for authentication, versus a traditional display the INBOX and
click on a message authentication...




More information about the bugs mailing list