[horde] explicitly log back into a session using the auth_key

Chuck Hagenbuch chuck at horde.org
Thu Dec 18 18:25:11 PST 2003


Quoting Tom Hodder <tom at scriptsupport.co.uk>:

> I've tried simply starting the page with a;
>
> $_COOKIE['auth_key'] = $_POST['Horde'];
> and
> $_GET['Horde'] = $_POST['Horde'];

The auth_key cookie is not the session_id; you can't log in with it. It's just a
random hash - essentially a passphrase - that lets us encrypt sensitive session
data, so that a compromise of the session store doesn't compromise user
passwords without additional information.

You want the session id instead. Though I'm not exactly sure what you mean by
sending the response back from a different server, and where/how you intend to
recreate the session.

-chuck

--
Charles Hagenbuch, <chuck at horde.org>
"I'm really... I'm not too fascinated by green food." - Average Joe



More information about the horde mailing list