[horde] Previous user-session information still available
Salim Virani
me at salimvirani.com
Sat Jun 14 14:52:42 PDT 2003
Yes. This happens when using the same browser on the same computer,
though with cookies enabled. I've reproduced this using Safari/OSX,
Mozilla/OSX and IE6/WinXP.
It's also worth noting that when the second user's login attempt will
always fail once and succeed on the second attempt. That is:
1) User 1 logs in. Login success logged. Inbox displayed.
2) User 2 logs in. Fails -- but is not logged even when set to
LOG_DEBUG.
3) User 2 logs in again. Login success logged. Inbox displayed.
4) User 2 selects app calling Auth::getCredential -- User 1's password
returned.
The server is running Horde: 2.1, IMP: 3.1 on PHP 4.2.2, Apache 2.0.40
on Redhat 8. Authentication is done through IMAP on a different
machine.
Thanks again.
On Saturday, Jun 14, 2003, at 07:45 America/Vancouver, Chuck Hagenbuch
wrote:
> Quoting Salim Virani <me at salimvirani.com>:
>
>> Two users log in, one after another, but the first doesn't log out
>> before the second logs in. When the second user runs an app that
>> calls
>> Auth::getCredential('password'), it returns the first users password
>> instead.
>
> First of all, this seems pretty much impossible.
>
> What version? Are they using the same browser (same physical
> computer)? I
> assume you have cookies turned off, and they're using GET sessions?
>
> -chuck
>
> --
> Charles Hagenbuch, <chuck at horde.org>
> The alligators were there, too, in a bathtub inside the house.
>
>
> --
> Horde mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>
Salim Virani
604.773.4436
More information about the horde
mailing list