[Tickets #9733] Re: Password lost during hordeauth authentication via API
bugs at horde.org
bugs at horde.org
Sun Sep 30 19:17:09 UTC 2012
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/9733
------------------------------------------------------------------------------
Ticket | 9733
Updated By | Michael Rubinsky <mrubinsk at horde.org>
Summary | Password lost during hordeauth authentication via API
Queue | Horde Base
Version | Git master
Type | Bug
State | Resolved
Priority | 2. Medium
Milestone | 4.1
Patch |
Owners | Michael Rubinsky
------------------------------------------------------------------------------
Michael Rubinsky <mrubinsk at horde.org> (2012-09-30 19:17) wrote:
> Forget about the above remark, the zero length sessions are created
> regardless of the presence of the above line. So somehow when using
> the Horde_Session_Null handler, the Horde configuring settings for
> the session handler are ignored and the session handler as
> configured in 'php.ini' is used.
This is a side effect of the Null handler calling session_start().
Even though we don't store any data in the session, we still must tell
PHP to create one, otherwise certain data that is required to be
available will not be. E.g., session_id() is used by Horde_Secret as
an encryption key. The absence of this value breaks authentication in
certain places.
More information about the bugs
mailing list