[horde] login/logout bug?
Gabriel Sere
gsere at tecnet.com.uy
Thu Mar 9 09:58:52 PST 2006
Well, the solution for the problem I reported
yesterday isn't what I said regarding to
delete the cookie for the session name. So I'm
back with the same problem and I'll try to tell
how I solve it.
The problem: when you log out from horde without
close the page (I mean using the session_id() of
the last session in the url), you're back as the
same user even if you do not provide the right
login and passwd.
This is because the session_destroy at line
185 on ../imp/login.php doesn't take effect
until the scripts ends and the session is
restored before that.
To problem is solved calling session_write_close()
after session_destroy:
login.php @line 190:
-----------------------------------------
if ($imp_auth) {
Auth::clearAuth();
@session_destroy();
session_write_close(); // this really destroy the session.
Horde::setupSessionHandler();
@session_start();
}
I'm not sure where is the best place to call
session_write_close() because it also can be
placed also before unset($_SESSION['imp']) few
lines above.
Gabriel.
More information about the horde
mailing list