[cvs] commit: horde/lib Secret.php
Jan Schneider
jan at horde.org
Mon Mar 31 05:49:13 PST 2003
jan 2003/03/31 05:49:12 PST
Modified files:
lib Secret.php
Log:
If we use transparent authentication, the user already gets logged in at
the very first page request. At this moment we haven't any cookie set yet,
hence Secret::getKey() falls back to the non-cookie key.
If login.php is loaded into the frameset on the second request, a cookie
exists and a new key is generated making the old one (and everything
encrypted with it, like the credentials from the transparent authentication)
invalid.
The only solution I came up with is to set the cookie key with the fallback
key to have a consistent key through the whole session, even if cookies get
"turned on" during the session.
Revision Changes Path
1.33 +3 -2 horde/lib/Secret.php
Chora Links:
http://cvs.horde.org/diff.php/horde/lib/Secret.php?r1=1.32&r2=1.33&ty=u
More information about the cvs
mailing list