[Tickets #11550] Re: cookie does not set path information and http status codes are wrong

bugs at horde.org bugs at horde.org
Thu Oct 18 12:01:38 UTC 2012


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/11550
------------------------------------------------------------------------------
  Ticket             | 11550
  Updated By         | best at univention.de
  Summary            | cookie does not set path information and http status
                     | codes are wrong
  Queue              | Horde Groupware
  Version            | 4.0.8
  Type               | Bug
  State              | Unconfirmed
  Priority           | 2. Medium
  Milestone          |
  Patch              |
  Owners             |
------------------------------------------------------------------------------


best at univention.de (2012-10-18 12:00) wrote:

The cookie path is not set for Horde webmailer, so the cookies are
sent to every part of the domain. This causes the ability to steal my
login for other users of the server.

Also on logout the cookie is not destroyed.

And Horde does not use HTTP properly as defined in RFC 2616.
I am not able to see if login was successful because even on login
failure a 200 OK response code is sent.

I would like to see changes in Horde 4.0.9.
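
A check for the cookie scope and logout concerns raised in the report above, as an added example that is not part of the ticket or of Horde's code: it applies the RFC 6265 default-path and path-match rules to a Set-Cookie header to show which request paths on the host receive the cookie, and tests whether a logout response actually expires it. The cookie name `sess`, the request paths and the header values are constructed assumptions.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attrs); attribute names lower-cased."""
    first, *rest = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0].strip(), attrs

def default_path(request_path):
    """RFC 6265 5.1.4: scope a cookie gets when no usable Path attribute is sent."""
    if not request_path.startswith("/") or request_path.count("/") == 1:
        return "/"
    return request_path[:request_path.rfind("/")]

def path_match(cookie_path, request_path):
    """RFC 6265 5.1.4: does a cookie with this path go out with this request?"""
    if request_path == cookie_path:
        return True
    return request_path.startswith(cookie_path) and (
        cookie_path.endswith("/") or request_path[len(cookie_path)] == "/")

def sent_to(header, set_by, other_path):
    """True if a cookie set in the response to `set_by` is sent to `other_path`."""
    _, attrs = parse_set_cookie(header)
    path = attrs.get("path", "")
    if not path.startswith("/"):
        path = default_path(set_by)
    return path_match(path, other_path)

def is_deletion(header, now=None):
    """True if the header expires the cookie, as a logout response should."""
    _, attrs = parse_set_cookie(header)
    try:
        if "max-age" in attrs:  # Max-Age wins over Expires
            return int(attrs["max-age"]) <= 0
        when = parsedate_to_datetime(attrs.get("expires", ""))
    except (TypeError, ValueError):
        return False  # missing or unparsable expiry: cookie is not deleted
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return when <= (now or datetime.now(timezone.utc))

# Constructed sample headers and paths, not captured from a Horde server.
LOGIN = "/horde/login.php"
for hdr in ("sess=abc; Path=/", "sess=abc", "sess=abc; Path=/horde"):
    print(f"{hdr!r:28} sent to /~other/app.php: {sent_to(hdr, LOGIN, '/~other/app.php')}")
```

Feed it the Set-Cookie values from the login and logout responses of the installation under review, together with the path that served them.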




