[imp] user getting other people's sessions

Jie Gao J.Gao@isu.usyd.edu.au
Wed, 21 Aug 2002 08:33:01 +1000 (EST)


On Tue, 20 Aug 2002, Bjørn Ove Grøtan wrote:

> Fabien COMBERNOUS:
> >
> > Lo,
> >
> > I have reports about the same thing. I thought it was a joke. But with
> > this mail, perhaps it was not. On my side, users get only a valid
> > login. Password field was not valid.
>
> I've got reports saying the same thing. The problem has occurred for
> approx. 5-10 people in a period within 6-8 months. This weekend we changed
> to IMP 3.1 and added better session-handling for PHP (entropy in php.ini).

I have already been using that: session.entropy_length = 32





Jie