[horde] Previous user-session information still avaiable

[Chuck Hagenbuch]

Quoting Salim Virani <me at salimvirani.com>:

> Two users log in, one after another, but the first doesn't log out
> before the second logs in.  When the second user runs an app that calls
> Auth::getCredential('password'), it returns the first users password
> instead.

First of all, this seems pretty much impossible.

What version? Are they using the same browser (same physical computer)? I
assume you have cookies turned off, and they're using GET sessions?

-chuck

--
Charles Hagenbuch, <chuck at horde.org>
The alligators were there, too, in a bathtub inside the house.