[Tickets #13284] Re: Horde_Secret: Only store key in cookies if cookies are in use
noreply at bugs.horde.org
noreply at bugs.horde.org
Fri Jul 4 13:30:34 UTC 2014
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/13284
------------------------------------------------------------------------------
Ticket | 13284
Updated By | Thomas Jarosch <thomas.jarosch at intra2net.com>
Summary | Horde_Secret: Only store key in cookies if cookies are
| in use
Queue | Horde Framework Packages
Version | Git master
Type | Bug
State | Assigned
Priority | 1. Low
Milestone |
Patch | 1
Owners | Michael Slusarz
------------------------------------------------------------------------------
Thomas Jarosch <thomas.jarosch at intra2net.com> (2014-07-04 13:30) wrote:
Side note: Cookies are officially not supported for WebDAV sessions (yunosh)
See also:
http://comments.gmane.org/gmane.comp.php.sabredav/65
"2. Don't use sessions in WebDAV. They are not supported in most
clients, and generally a terrible idea. HTTP is supposed to be
stateless. Only when your client is a browser, a (session-)cookie is
acceptable."
and
http://stackoverflow.com/questions/14499686/mac-os-x-does-not-send-cookies-to-webdav-resource
We probably need to come up with a more clever storage mechanism.
Funny the previous code worked at all for DAV.
Wild guess: The webdav access generates a new "session id" on every
page access since it does not transport the session id cookie. This
breaks Horde_Secret because it can no longer decrypt the data of the
previous page access.
More information about the bugs
mailing list