[Tickets #6910] Re: Horde requires cookies
bugs at horde.org
bugs at horde.org
Fri Jun 13 08:12:41 UTC 2008
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/6910
-----------------------------------------------------------------------
Ticket | 6910
Updated By | Jan Schneider <jan at horde.org>
Summary | Horde requires cookies
Queue | Horde Base
Version | HEAD
Type | Bug
State | Unconfirmed
Priority | 3. High
Milestone |
Patch |
Owners |
-----------------------------------------------------------------------
Jan Schneider <jan at horde.org> (2008-06-13 04:12) wrote:
I'm not sure why this is an issue, let alone high priority? The point
is that it should still work with cookies turned off and that seems to
be the case. There are more places we set cookies unconditionally,
actually anywhere where we set them through javascript instead of PHP.
Regarding Secret, IIRC off my head we try to establish a shared secret
for the browser session. A cookie with some random token is considered
the most secure, if that fails we build a token from the browser
connection (IP, user agent?). We could probably check the
configuration if cookies are turned off completely, instead of trying
to send the cookie and verifying whether we get it back. But I still
don't see why this is an issue.
More information about the bugs
mailing list