[imp] user getting other people's sessions

Fabien COMBERNOUS fcombernous@eprocess.fr
Tue, 20 Aug 2002 11:30:29 +0200


Hmm, I'm running the latest Horde and IMP versions.

On Tue, Aug 20, 2002 at 11:03:12AM +0200, Bjørn Ove Grøtan wrote :
> Fabien COMBERNOUS:
> > 
> > Lo,
> > 
> > I have reports about the same thing. I thought it was a joke. But with
> > this mail, perhaps it was not. On my side, users get only a valid
> > login. Password field was not valid.
> 
> I've got reports saying the same thing. The problem has occurred for
> approx. 5-10 people in a period within 6-8 months. This weekend we changed
> to IMP 3.1 and added better session-handling for PHP (entropy in php.ini).
> 
> 
> > > IMP 3.0
> > > -------
> > > 
> > > I have users saying to me that they get other people's sessions while
> > > using IMP sometimes.
> > > 
> > > Anyone else here have this problem as well, or has this issue been
> > > dealt with and if so, what can I do to patch it up quickly without
> > > having to upgrade?
> 
> A quick solution as far as we could see was to make use of the entropy
> variables in php.ini. This would make a more unique session_id.
> 
> Best regards
> 
> Bjørn Ove Grøtan
> 

-- 

Fabien COMBERNOUS - IT Engineer
eProcess - Parc Club du Millénaire Batiment n° 6
1025 rue Henri Becquerel - 34000 Montpellier FRANCE
http://www.eprocess.fr - +33 (0)4 67 13 84 50
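
Added example, not part of the original thread: a small Python check of a php.ini for the session entropy settings discussed above. It assumes the "entropy variables" are PHP 4's session.entropy_file and session.entropy_length (the thread does not name them); the sample ini text and the 16-byte minimum are constructed for illustration.

```python
# Constructed sample php.ini fragments (not taken from the thread).
WEAK_INI = """\
[Session]
session.save_handler = files
;session.entropy_file = /dev/urandom
session.entropy_length = 0
"""

HARDENED_INI = """\
[Session]
session.save_handler = files
session.entropy_file = /dev/urandom
session.entropy_length = 16
"""


def parse_ini(text):
    """Return the active (uncommented) directives as a dict; last one wins."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith((";", "#", "[")):
            continue  # blank line, comment, or section header
        key, sep, value = line.partition("=")
        if sep:
            # Drop any trailing inline comment and surrounding quotes.
            value = value.split(";", 1)[0].strip().strip('"')
            settings[key.strip()] = value
    return settings


def audit_session_entropy(text, min_bytes=16):
    """List findings about the extra entropy mixed into PHP session IDs."""
    s = parse_ini(text)
    findings = []
    entropy_file = s.get("session.entropy_file", "")
    raw = s.get("session.entropy_length", "0")
    length = int(raw) if raw.isdigit() else 0
    if not entropy_file:
        findings.append("session.entropy_file is not set")
    if length == 0:
        findings.append("session.entropy_length is 0: entropy file is never read")
    elif length < min_bytes:
        # min_bytes is an assumed threshold, not a value from the thread.
        findings.append(f"session.entropy_length={length} is below {min_bytes} bytes")
    return findings
```
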