[horde] session problem

Michael M Slusarz slusarz at bigworm.colorado.edu
Wed Feb 18 13:05:20 PST 2004

Quoting jason at freemotion.bb:

> i think i am getting a session problem.
> i am running horde as webmail for my ISP the versions are ;-
> Forwards: 3.0-cvs
> Gollem: 1.0-cvs (run Gollem tests)
> Horde: 3.0-cvs
> Imp: 4.0-cvs (run Imp tests)
> Ingo: 1.0-cvs (run Ingo tests)
> Kronolith: 2.0-cvs
> Mnemo: 2.0-cvs
> Nag: 2.0-cvs
> Passwd: 3.0-cvs
> Sam: 0.1-cvs
> Trean: 0.1-cvs
> Turba: 2.0-cvs (run Turba tests)
> Vacation: 3.0-cvs
> every thing is running fine but with one problem, somtimes users are 
> getting a
> problem where they get thrown out and told to login again because there ip
> address has changed since they loged in, and it will normally come up with a
> nother username in the username box.

 From config/conf.php:

// Should we use always store and validate the IP address of the client (as
// seen by the web server) in the session? Doing so will help increase
// security by ensuring that an attacker from another host can not try to
// hijack the session. Either true or false.
$conf['auth']['checkip'] = true;

It seems your clients are using computers that have IP addresses that are
changing during the session, so you should try setting this to false.


Michael Slusarz [slusarz at bigworm.colorado.edu]
The University of Colorado at Boulder

More information about the horde mailing list