[horde] login/logout bug?

Gabriel Sere gsere at tecnet.com.uy
Thu Mar 9 09:58:52 PST 2006

Well, the solution for the problem I reported
yesterday isn't what I said regarding to
delete the cookie for the session name. So I'm
back with the same problem and I'll try to tell
how I solve it.

The problem: when you log out from horde without
close the page (I mean using the session_id() of
the last session in the url), you're back as the
same user even if you do not provide the right
login and passwd.

This is because the session_destroy at line
185 on ../imp/login.php doesn't take effect
until the scripts ends and the session is
restored before that.

To problem is solved calling session_write_close()
after session_destroy:

login.php @line 190:
        if ($imp_auth) {
             session_write_close(); // this really destroy the session.

I'm not sure where is the best place to call
session_write_close() because it also can be
placed also before unset($_SESSION['imp']) few
lines above.


More information about the horde mailing list