[imp] user getting other people's sessions

Bjørn Ove Grøtan bjorn.grotan@itea.ntnu.no
Tue, 20 Aug 2002 11:03:12 +0200


Fabien COMBERNOUS:
> 
> Lo,
> 
> I have reports of the same thing. I thought it was a joke. But with
> this mail, perhaps it was not. On my side, users get only a valid
> login. Password field was not valid.

I've got reports saying the same thing. The problem has occurred for
approx. 5-10 people in a period within 6-8 months. This weekend we changed
to IMP 3.1 and added better session-handling for PHP (entropy in php.ini).


> > IMP 3.0
> > -------
> > 
> > I have users saying to me that they get other people's sessions while
> > using IMP sometimes.
> > 
> > Anyone else here have this problem as well, or has this issue been
> > dealt with and if so, what can I do to patch it up quickly without
> > having to upgrade?

A quick solution as far as we could see was to make use of the entropy
variables in php.ini. This would make a more unique session_id.

Best regards

Bjørn Ove Grøtan
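
An added example, not part of the original message: a php.ini fragment showing the session entropy settings before and after the change. It assumes the "entropy variables" mentioned above are PHP's `session.entropy_file` and `session.entropy_length` directives; the device path and byte count are assumed values.

```ini
; Constructed php.ini fragment for a PHP 4 era install; values are illustrative.

[Session]
; Before: no external entropy source is mixed into the session ID,
; so the ID depends only on what PHP gathers internally.
;session.entropy_file   =
;session.entropy_length = 0

; After: read 16 bytes from the kernel random device each time
; a new session ID is generated.
session.entropy_file   = /dev/urandom
session.entropy_length = 16
```

After restarting the web server, the session section of `phpinfo()` shows the values that are actually in effect.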