[Tickets #11550] Re: cookie does not set path information and http status codes are wrong
bugs at horde.org
Thu Oct 18 13:07:51 UTC 2012
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/11550
------------------------------------------------------------------------------
Ticket | 11550
Updated By | Jan Schneider <jan at horde.org>
Summary | cookie does not set path information and http status
| codes are wrong
Queue | Horde Groupware
Version | 4.0.8
Type | Bug
-State | Unconfirmed
+State | Feedback
Priority | 2. Medium
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
Jan Schneider <jan at horde.org> (2012-10-18 15:07) wrote:
> The cookie path is not set for horde webmailer, so the cookies are
> sent to every part of the domain. This causes the ability to steal
> my login for other users of the server.
Configure Horde correctly.
> Also on logout the cookie is not destroyed.
Which cookie?
> And Horde does not use HTTP properly as defined in RFC 2616.
> I am not able to see if login was successful because even on login
> failure there is sent a 200 OK response code.
Which is perfectly correct. The login page is not a REST service.
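
As an added illustration that is not part of the ticket or of Horde's code: the RFC 6265 (section 5.1.4) rules a browser applies to decide which request paths receive a cookie, run over constructed paths on a shared host. The function names and the sample paths are assumptions made for this example.

```javascript
// RFC 6265 section 5.1.4, default-path: the path a browser assigns when
// Set-Cookie carries no usable Path attribute (directory of the request URI).
function defaultPath(requestPath) {
  if (!requestPath || requestPath[0] !== "/") return "/";
  const lastSlash = requestPath.lastIndexOf("/");
  return lastSlash === 0 ? "/" : requestPath.slice(0, lastSlash);
}

// RFC 6265 section 5.1.4, path-match: identical paths match, otherwise the
// cookie path must be a prefix that ends on a "/" boundary of the request path.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Path stored with the cookie: the attribute if it starts with "/",
// otherwise the default-path of the URL that set the cookie.
function effectivePath(pathAttr, setByPath) {
  return pathAttr && pathAttr[0] === "/" ? pathAttr : defaultPath(setByPath);
}

// Which of the given request paths would carry the cookie.
function recipients(pathAttr, setByPath, requestPaths) {
  const cookiePath = effectivePath(pathAttr, setByPath);
  return requestPaths.filter((p) => pathMatches(p, cookiePath));
}

// Constructed sample: one hostname shared by a webmail install and other content.
const SAMPLE_PATHS = [
  "/horde/imp/mailbox.php",
  "/horde/login.php",
  "/horde-test/index.php",
  "/~otheruser/app.php",
  "/",
];

// Cookie set by /horde/login.php with three different Path settings.
for (const attr of ["/", "/horde", null]) {
  const label = attr === null ? "(no Path attribute)" : `Path=${attr}`;
  console.log(label, "->", recipients(attr, "/horde/login.php", SAMPLE_PATHS));
}
```
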