[dev] Authentication session data cleaned by Kronolith
SSRI
ssri_abo at u-paris2.fr
Mon Jun 17 14:13:55 UTC 2013
Jan Schneider <jan at horde.org> a écrit :
> Zitat von SSRI <ssri_abo at u-paris2.fr>:
>
>> Hi,
>>
>> In _setAuth() function ( Horde/Core/Auth/Application.php ), Horde
>> destroys any existing php session on login. Using transparent
>> authentication, Horde authenticates correctly. But, when Kronolith
>> try to authenticate, it destroys any existing php session. However,
>> we store our authentication status in php session data which is
>> destroyed by Kronolith ...
>
> What does this have to do with Kronolith?
>
Logs indicates that Kronolith is the application that executes this
part of sethAuth() calls after successfull Horde/IMP authentication :
/* Destroy any existing session on login and make sure to use a
* new session ID, to avoid session fixation issues. */
if (($userId = $registry->getAuth()) === false) {
$GLOBALS['session']->clean();
$userId = $this->getCredential('userId');
}
>> Is there a way to avoid Horde to destroy any existing php session data ?
>
> How do you store this information in the session?
$_SESSION inside a customized auth driver.
> --
> Jan Schneider
> The Horde Project
> http://www.horde.org/
>
> --
> dev mailing list
> Frequently Asked Questions: http://wiki.horde.org/FAQ
> To unsubscribe, mail: dev-unsubscribe at lists.horde.org
More information about the dev
mailing list