[imp] account sessions ... posix_getpid

Chuck Hagenbuch chuck@horde.org
Tue, 17 Oct 2000 10:34:38 -0400 (EDT)


Quoting Samuel Pigny <spigny@node-sa.com>:

> Imp 2.2.2 is running well under NT4, IIS4 with PHP4.03.
> There is just one problem : every user can see somebody else's account (if
> the last one is not disconnected).

1. Educate your users. They should be logging out.

> Is it possible to force the login screen to appear each time we go on
> /imp/index.php3 ?

2. If necessary, you can edit index.php3 and login.php3 to always assume a new 
session and delete any existing ones. This may cause some people to be logged 
out unexpectedly, but it's a trade off you might have to make.

> I use IMAP and have to note several things about my install :
> - I had an error with unknown function posix_getpid(), so I deleted the line
> (in session.inc)
> - I used the patch where REPLACE is used instead of INSERT in ct_sql.inc.
> The problem may come from those things ?

Those should be fine. The posix_getpid() one just adds a bit more entropy to 
the session id, but you should be okay without it.

-chuck

--
Charles Hagenbuch, <chuck@horde.org>
Many states consider gambling so immoral that they not only prohibit private
gambling organizations, they thoughtfully provide their own.