[imp] Security Question

Chuck Hagenbuch chuck@horde.org
Tue, 24 Oct 2000 10:03:48 -0400 (EDT)


Quoting Andreas Ebinger <ebinger@uni-hohenheim.de>:

> (my configuration: horde-imp 2.2.3, apache-1.3.12, mysql-3.22.32, php-4.0.3.p1,
> lifetime=0)
> 
> If I log in with cookies, then save the URL (bookmark), close Netscape, start
> Netscape again, turn the cookies off and go to the bookmark,
> then I am logged in on my account.
> (if I leave cookies on, I will be asked for the password/I have to log in
> again)
> And I think if you turn off cookies all the time, I will get the same
> results.
> When will the session be cancelled if you turn cookies off?

Whenever it is garbage collected.

> If I want to keep the lifetime=0, can I do anything against that?

You can make it more likely that sessions will be garbage collected.

> And if I change lifetime to a different value, do I have to turn cookies on?

I'm not actually sure if phplib's session code will check the lifetime in any
way other than expecting cookies to expire.

-chuck

--
Charles Hagenbuch, <chuck@horde.org>
Many states consider gambling so immoral that they not only prohibit private
gambling organizations, they thoughtfully provide their own.
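
Added example, not part of the original message and not phplib or IMP code: a language-neutral model of the behaviour discussed in this thread, where a session id carried in a bookmarked URL stays valid until garbage collection removes its row, next to a lookup that enforces the idle limit itself. The class, method names, the 1800-second limit and the session id are all assumptions made for illustration.

```python
import random

class SessionStore:
    """Toy server-side session table: sid -> (user, last_access). Hypothetical model."""
    def __init__(self, max_idle, gc_probability, seed=0):
        self.max_idle = max_idle              # seconds a session may sit unused
        self.gc_probability = gc_probability  # chance per request that GC runs
        self.rng = random.Random(seed)
        self.rows = {}

    def create(self, sid, user, now):
        self.rows[sid] = (user, now)

    def gc(self, now):
        """Delete every row that has been idle longer than max_idle."""
        for sid in [s for s, (_, seen) in self.rows.items() if now - seen > self.max_idle]:
            del self.rows[sid]

    def lookup_gc_only(self, sid, now):
        """A row is accepted until GC happens to remove it (the case in the thread)."""
        if self.rng.random() < self.gc_probability:
            self.gc(now)
        if sid not in self.rows:
            return None
        user, _ = self.rows[sid]
        self.rows[sid] = (user, now)  # a stale session is revived by being used
        return user

    def lookup_checked(self, sid, now):
        """Idle time is checked on every lookup, whether or not GC has run."""
        if sid not in self.rows:
            return None
        user, seen = self.rows[sid]
        if now - seen > self.max_idle:
            del self.rows[sid]        # expire immediately, do not wait for GC
            return None
        self.rows[sid] = (user, now)
        return user

def demo():
    """Constructed scenario: the sid arrives in a URL two hours after last use."""
    results = {}
    for p in (0.0, 1.0):              # GC never runs / GC runs on every request
        store = SessionStore(max_idle=1800, gc_probability=p)
        store.create("sid-in-url", "alice", now=0)
        results[("gc_only", p)] = store.lookup_gc_only("sid-in-url", now=7200)
    store = SessionStore(max_idle=1800, gc_probability=0.0)
    store.create("sid-in-url", "alice", now=0)
    results[("checked", 0.0)] = store.lookup_checked("sid-in-url", now=7200)
    return results
```

Raising the garbage-collection probability only narrows the window in which the old id is accepted; the checked lookup closes it regardless of cookie settings.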