[horde] Dimp Options redirect to login
Gerard Breiner
gerard.breiner at ias.u-psud.fr
Tue Sep 9 09:33:18 UTC 2008
Michael M Slusarz a écrit :
> Quoting Gerard Breiner <gerard.breiner at ias.u-psud.fr>:
>
>> I don't use cookies $conf[session][use_only_cookies] = false.
>> However, if it was "true" the connexion would be refused (I already
>> have this problem in the past).
>> I don't have this problem when I click on "Options" into horde or
>> imp whereas it is the same "Options" interface.
>> Nevertheless, a click on "Options" into dimp is logged in
>> /var/log/horde.log as :
>
> You *really* need to be using cookies. Using non-cookie, URL-based
> sessions is a known security risk. That is why no admins have ever
> seen this issue because we would never run without using cookies.
>
> I've fixed a few places where we weren't correctly appending session
> information to the URLs in this situation.
>
> michael
>
You have hit the nail on the head Michael . Dimp works very fine if
using cookies ($conf['session']['use_only_cookies'] = true;) and if we
put the good path for $conf['cookies']['path' ].
It remains a little problem of no translation of text "Log Out"
English to french .
I thank you very much for your advices which allowed to solve theses
problems.
Gerard
--
Université Paris-Sud 11
Institut D'Astrophysique Spatiale
Gérard Breiner
Rue Georges Clémenceau
fr-91405 Orsay-ville
More information about the horde
mailing list