[horde] Dimp Options redirect to login

Michael M Slusarz slusarz at horde.org
Mon Sep 8 19:58:57 UTC 2008


Quoting Gerard Breiner <gerard.breiner at ias.u-psud.fr>:

> I don't use cookies $conf[session][use_only_cookies] = false.  
> However, if it was "true" the connexion would be refused (I already  
> have this problem in the past).
> I don't have this problem when I click on "Options" into horde or   
> imp  whereas  it is the same "Options" interface.
> Nevertheless, a click on "Options" into dimp  is logged in  
> /var/log/horde.log as :

You *really* need to be using cookies.  Using non-cookie, URL-based  
sessions is a known security risk.  That is why no admins have ever  
seen this issue because we would never run without using cookies.

I've fixed a few places where we weren't correctly appending session  
information to the URLs in this situation.

michael

-- 
___________________________________
Michael Slusarz [slusarz at horde.org]



More information about the horde mailing list