[dev] CVS session_destroy() and cookie-less sessions
mays@optonline.net
Tue, 26 Jun 2001 22:34:49 -0400
Recent CVS changes to Horde and IMP in order to '[cjh] Clear the whole session
when the user logs out of Horde.' do not reinitialize the session properly when
cookies are not in use. A login attempt after logging out apparently succeeds,
until anything is actually attempted. The login screen returns, but this time
the session has been properly initialized (with session_start()). A second
login now works correctly.
The patches below do have the side effect of calling session_start() twice
(albeit with the intervening session_destroy()). Perhaps it would be better
to rearrange the flow a bit to clean it up? Or maybe session_start() needs
to be called before session_destroy()?
Mark
--- /cvs/horde/login.php Sun Jun 24 15:48:57 2001 2.50
+++ /cvs/horde/login.php Tue Jun 26 16:20:44 2001
@@ -31,6 +31,7 @@
} else {
Auth::clearAuth();
session_destroy();
+ @session_start();
}
}
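Review bot: the `@` on the added `@session_start();` hides any warning if the restart fails, so a failed restart after `session_destroy();` would be silent and look just like the broken login this patch is meant to fix. Suggest dropping the `@`, or checking that a session is actually active before falling through to the login form. It is also worth confirming which session id the restarted session uses in cookie-less mode: if it picks up the id still carried in the request URL, the pre-logout id stays in use for the next login, and a fresh id would be the safer result of a logout.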
--- /cvs/imp/login.php Sun Jun 24 16:08:49 2001 2.118
+++ /cvs/imp/login.php Tue Jun 26 16:17:19 2001
@@ -91,6 +91,7 @@
include_once HORDE_BASE . "/lib/Auth.php";
Auth::clearAuth();
session_destroy();
+ @session_start();
}
} elseif ($reason == 'failed') {
$HTTP_SESSION_VARS['imp'] = null;
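Review bot: the `Auth::clearAuth(); session_destroy(); @session_start();` sequence here is now a second copy of the one in horde/login.php, so the two logout paths can drift apart the next time either is changed. Suggest moving the destroy-and-restart into one shared routine next to `Auth::clearAuth()` and calling that from both files, which would also give a single place to settle the ordering question raised in the message. The hunk does not show whether a session is already active when `session_destroy();` runs on this path; a short comment stating that assumption would help.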