[Tickets #3386] logouts due to imp_key cookie timeouts.
bugs@bugs.horde.org
bugs at bugs.horde.org
Tue Feb 28 10:18:12 PST 2006
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=3386
-----------------------------------------------------------------------
Ticket | 3386
Updated By | Michael Slusarz <slusarz at mail.curecanti.org>
Summary | logouts due to imp_key cookie timeouts.
Queue | Horde Framework Packages
Version | HEAD
State | Assigned
Priority | 3. High
Type | Bug
Owners | Horde Developers
-----------------------------------------------------------------------
Michael Slusarz <slusarz at mail.curecanti.org> (2006-02-28 10:18) wrote:
> another patch to make imp authentication more resilient against
> disappearing cookies, due to timeouts or browser "quirks". this will
> recover the password from the horde credentials if possible, or
> invalidate the session if the horde credentials can't be decrypted.
> this gives the user a session error instead of a login error, which
> may be less alarming, and prevents the failed IMAP login, which takes
> time (10 to 15 seconds in our case) and leaves ugly log entries both
> on the horde/imp server and the imap server.
Shouldn't this be fixed with the other commit referenced in this ticket?
the cookies - auth and app specific - are set within microseconds of each
other, but cookie expiration are only allowed in seconds so this expiration
value should be at most no more than a second different from each other.
this code is also invalid if not using 'hordeauth'.
More information about the bugs
mailing list