[dev] Head version of horde/imp - Problem with Reply

Marcus I. Ryan marcus@riboflavin.net
Wed, 30 Jan 2002 15:20:11 -0600


This is still broken if you are not using cookies.  None of the links
I've scanned in IMP (mailbox.php and message.php at least) list any
session information in the url, so if you're not using cookies, imp is
broken.  Enabling cookies fixes it, but I still prefer not to use
cookies unless it's completely unavoidable...

I'm hoping this is fairly easily fixed.

You may remember from some of my earlier research, if you block
cookies from a site but don't go in and specifically delete them,
Mozilla will send them on anyway, so disable your cookies and clear
your existing cookies for your test site if you can...

I'd like to do more testing for this one, but I'm not at home and my
connection here is dropping for about two minutes out of every 15. 
*grumble*

Quoting Chuck Hagenbuch <chuck@horde.org>:
>Quoting "Marcus I. Ryan" <marcus@riboflavin.net>:
>
>> Okay...so NOW not all URLs forward session information (specifically
>> the delete link in a folder - if I select all and click delete it 
>> says my session has expired and asks me to log in again).  If I look 
>> at the link for delete it doesn't list a session value in the URL.
>> I have cookies disabled, and sessions are verified to work.  
>
>This should be fixed, but you might find a few more - I fixed a bug
>that included the session id twice if trans_sid was on, but this
might >expose our laziness in not including hidden form inputs with
the >session id in post forms. If you find any others, let me know.

-- 
Marcus I. Ryan, marcus@riboflavin.net
-----------------------------------------------------------------------
 "Love is a snowmobile racing across the tundra and then suddenly it
 flips over, pinning you underneath.  At night, the ice weasels come."
                 -- Matt Groening
-----------------------------------------------------------------------