[horde] Dimp Options redirect to login
Michael M Slusarz
slusarz at horde.org
Mon Sep 8 19:58:57 UTC 2008
Quoting Gerard Breiner <gerard.breiner at ias.u-psud.fr>:
> I don't use cookies $conf[session][use_only_cookies] = false.
> However, if it was "true" the connexion would be refused (I already
> have this problem in the past).
> I don't have this problem when I click on "Options" into horde or
> imp whereas it is the same "Options" interface.
> Nevertheless, a click on "Options" into dimp is logged in
> /var/log/horde.log as :
You *really* need to be using cookies. Using non-cookie, URL-based
sessions is a known security risk. That is why no admins have ever
seen this issue because we would never run without using cookies.
I've fixed a few places where we weren't correctly appending session
information to the URLs in this situation.
michael
--
___________________________________
Michael Slusarz [slusarz at horde.org]
More information about the horde
mailing list