[Tickets #3386] logouts due to imp_key cookie timeouts.

bugs@bugs.horde.org bugs at bugs.horde.org
Tue Feb 28 10:18:12 PST 2006


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/?id=3386
-----------------------------------------------------------------------
 Ticket             | 3386
 Updated By         | Michael Slusarz <slusarz at mail.curecanti.org>
 Summary            | logouts due to imp_key cookie timeouts.
 Queue              | Horde Framework Packages
 Version            | HEAD
 State              | Assigned
 Priority           | 3. High
 Type               | Bug
 Owners             | Horde Developers
-----------------------------------------------------------------------


Michael Slusarz <slusarz at mail.curecanti.org> (2006-02-28 10:18) wrote:

> another patch to make imp authentication more resilient against 
> disappearing cookies, due to timeouts or browser "quirks".  this will 
> recover the password from the horde credentials if possible, or 
> invalidate the session if the horde credentials can't be decrypted.  
> this gives the user a session error instead of a login error, which 
> may be less alarming, and prevents the failed IMAP login, which takes 
> time (10 to 15 seconds in our case) and leaves ugly log entries both 
> on the horde/imp server and the imap server.

Shouldn't this be fixed with the other commit referenced in this ticket? 
the cookies - auth and app specific - are set within microseconds of each
other, but cookie expiration are only allowed in seconds so this expiration
value should be at most no more than a second different from each other.

this code is also invalid if not using 'hordeauth'.




More information about the bugs mailing list