[Tickets #9438] Re: authentication fails via syncml
bugs at horde.org
bugs at horde.org
Mon Mar 7 16:09:52 UTC 2011
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/9438
------------------------------------------------------------------------------
Ticket | 9438
Updated By | logan.owen at gmail.com
Summary | authentication fails via syncml
Queue | Synchronization
Version | Git master
Type | Bug
State | Feedback
Priority | 2. Medium
Milestone | 4.0
Patch | 1
Owners | Jan Schneider
------------------------------------------------------------------------------
logan.owen at gmail.com (2011-03-07 16:09) wrote:
Jan,
Sorry, I did not do a very good job of explaining.
Basically, the problem occurs when the client makes multiple requests
to the server.
The first request starts the session with the md5(sessionId .
deviceId) [KEY A]. Then it authenticates successfully, which causes
the server to regenerate the session key [KEY B]. Then, at close(),
the server stores that the client is auth'd under the new session key
[KEY B].
The client makes a second request, which does not include auth data,
because it auth'd successfully on the first request. However, it is
not aware of the new session id, as there is no facility in SyncML
for the server to regenerate the session key. So, the server starts a
session with md5(sessionId . deviceId) [KEY A] and looks to see if the
client is auth'd, but it isn't, because the auth data was stored under
a different session key [KEY B]. So this time the client request
fails because the server does not recognize it as being authenticated.
Sorry if I am still not being clear.
-- Logan
More information about the bugs
mailing list