[Tickets #9733] Re: Password lost during hordeauth authentication via API

bugs at horde.org bugs at horde.org
Sun Sep 30 19:17:09 UTC 2012


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/9733
------------------------------------------------------------------------------
  Ticket             | 9733
  Updated By         | Michael Rubinsky <mrubinsk at horde.org>
  Summary            | Password lost during hordeauth authentication via API
  Queue              | Horde Base
  Version            | Git master
  Type               | Bug
  State              | Resolved
  Priority           | 2. Medium
  Milestone          | 4.1
  Patch              |
  Owners             | Michael Rubinsky
------------------------------------------------------------------------------


Michael Rubinsky <mrubinsk at horde.org> (2012-09-30 19:17) wrote:

> Forget about the above remark, the zero length sessions are created  
> regardless of the presence of the above line. So somehow when using  
> the Horde_Session_Null handler, the Horde configuring settings for  
> the session handler are ignored and the session handler as  
> configured in 'php.ini' is used.

This is a side effect of the Null handler calling session_start().  
Even though we don't store any data in the session, we still must tell  
PHP to create one, otherwise certain data that is required to be  
available will not be. E.g., session_id() is used by Horde_Secret as  
an encryption key. The absence of this value breaks authentication in  
certain places.





More information about the bugs mailing list