[Tickets #7819] Re: User can't get back recompose data -- gets "..
bugs at horde.org
bugs at horde.org
Wed Dec 31 20:38:53 UTC 2008
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/7819
------------------------------------------------------------------------------
Ticket | 7819
Updated By | coleman at boulder.nist.gov
Summary | User can't get back recompose data -- gets "..
Queue | IMP
Version | 4.3.2
Type | Bug
State | Unconfirmed
Priority | 3. High
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
coleman at boulder.nist.gov (2008-12-31 03:18) wrote:
When a user is logged out while a compose window is still active,
the user gets the error "We cannot verify that this request was really
sent by you. It could be a malicious request." The problem is due to
the $_SESSION variable being unset when
the user was logged out. When the user logs back into the compose
page, checkRequestToken returns an error since the SESSION was erased,
thus the value
of $_SESSION['horde_form_secrets'] is NULL. This can never be set in
this situation
since the code to set it occurs further down in compose.php when it is
set as a part of
setting the template for the compose window further in the code.
More information about the bugs
mailing list