[Tickets #11550] cookie does not set path information and http status codes are wrong
bugs at horde.org
Thu Oct 18 12:00:55 UTC 2012
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/11550
------------------------------------------------------------------------------
Ticket | 11550
Created By | best at univention.de
Summary | cookie does not set path information and http status
| codes are wrong
Queue | Horde Groupware
Version | 4.0.8
Type | Bug
State | Unconfirmed
Priority | 2. Medium
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
best at univention.de (2012-10-18 12:00) wrote:
The cookie path is not set for the Horde webmailer, so the cookies are
sent to every part of the domain. This causes the ability to steal my
login for other users of the server.
Also, on logout the cookie is not destroyed.
And Horde does not use HTTP properly as defined in RFC 2616.
I am not able to see if login was successful because even on login
failure a 200 OK response code is sent.
I would like to see changes in Horde 4.0.9.
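
Added example, not part of the ticket and not Horde code: a small check that audits recorded responses for the three behaviours the report names (session cookie without an application-scoped Path, no cookie expiry on logout, 2xx status on a failed login). The cookie name "Horde", the path "/horde", the step labels and all sample responses are constructed assumptions.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_set_cookie(header):
    """Return (name, attrs) for one Set-Cookie value; attribute names lowercased."""
    first, *rest = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in filter(None, rest):
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0].strip(), attrs

def is_expired(attrs, now):
    """True if Max-Age or Expires tells the browser to drop the cookie."""
    try:
        if "max-age" in attrs:
            return int(attrs["max-age"]) <= 0
        if "expires" in attrs:
            return parsedate_to_datetime(attrs["expires"]) <= now
    except (TypeError, ValueError):
        pass  # unparseable attribute: treat as not expired
    return False

def audit(responses, cookie_name, app_path):
    """responses: list of (step, status, [Set-Cookie values]); returns (step, finding) pairs."""
    now, prefix, findings = datetime.now(timezone.utc), app_path.rstrip("/") + "/", []
    for step, status, headers in responses:
        session = [a for n, a in map(parse_set_cookie, headers) if n == cookie_name]
        for attrs in session:
            path = attrs.get("path", "")
            if path != app_path and not path.startswith(prefix):
                findings.append((step, "cookie-not-scoped-to-app-path"))
        if step == "login_failed" and 200 <= status < 300:
            findings.append((step, "failure-returned-2xx"))
        if step == "logout" and not any(is_expired(a, now) for a in session):
            findings.append((step, "session-cookie-not-expired"))
    return findings

# Constructed samples. BEFORE mirrors the behaviour reported in the ticket.
BEFORE = [("login_failed", 200, []),
          ("login_ok", 200, ["Horde=abc123; HttpOnly"]),
          ("logout", 200, [])]
# AFTER: 401 and 302 are assumed status choices, not taken from the ticket.
AFTER = [("login_failed", 401, []),
         ("login_ok", 302, ["Horde=abc123; Path=/horde; HttpOnly"]),
         ("logout", 302, ["Horde=deleted; Path=/horde; Max-Age=0"])]

if __name__ == "__main__":
    print(audit(BEFORE, "Horde", "/horde"))
    print(audit(AFTER, "Horde", "/horde"))
```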