[Tickets #7819] User can't get back recompose data -- gets "..

bugs at horde.org bugs at horde.org
Wed Dec 31 08:18:09 UTC 2008


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/7819
------------------------------------------------------------------------------
  Ticket             | 7819
  Created By         | coleman at boulder.nist.gov
  Summary            | User can't get back recompose data -- gets "..
  Queue              | IMP
  Version            | 4.3.2
  Type               | Bug
  State              | Unconfirmed
  Priority           | 3. High
  Milestone          |
  Patch              |
  Owners             |
------------------------------------------------------------------------------


coleman at boulder.nist.gov (2008-12-31 03:18) wrote:

When a user is logged out while a compose window is still active,
the user gets the error "We cannot verify that this request was really  
sent by you. It could be a malicious request." The problem is due to  
the $_SESSION variable being unset when
the user was logged out. When the user logs back into the compose  
page, checkRequestToken returns an error since the SESSION was erased,  
thus the value
of $_SESSION['horde_form_secrets'] is NULL. This can never be set in  
this situation
since the code to set it occurs further down in compose.php when it is  
set as a part of
setting the template for the compose window further in the code.






More information about the bugs mailing list