[imp] Very alarming/strange login problems - user logs in to someone else's session
William Tucker
wtucker at mail.ucf.edu
Tue Jan 28 14:14:06 PST 2003
horde 2.1, imp 3.1, apache 1.3.27, php 4.1.2, UW imap IMAP4rev1 2002.334, solaris 8
On to the problem. This is taking place on a high-load (40K users) mail/web server. When a certain user logs in, she finds herself in the middle of someone else's session. Here are some log snippets (logins/IPs changed):
Jan 27 19:46:42 HORDE [notice] [imp] Login success for user1 [1.1.1.1] to {pegasus.cc.ucf.edu:143} [on line 51 of "/web/horde_2/imp/redirect.php"]
Jan 27 19:48:12 HORDE [notice] [imp] Logout for user1 [2.2.2.2] from {pegasus.cc.ucf.edu:143} [on line 72 of "/web/horde_2/imp/login.php"]
Jan 27 19:48:22 HORDE [notice] [imp] Login success for user2 [2.2.2.2] to {pegasus.cc.ucf.edu:143} [on line 51 of "/web/horde_2/imp/redirect.php"]
Jan 27 19:48:33 HORDE [notice] [imp] Logout for user2 [2.2.2.2] from {pegasus.cc.ucf.edu:143} [on line 72 of "/web/horde_2/imp/login.php"]
user1 is on 1.1.1.1, and user2 is on 2.2.2.2.
When user2 logs in, she finds herself in the middle of user1's session, and has to log out of that session. It seems that user1 is not logging out, and is only closing their browser. Has anyone else seen this behavior?
user1 is not the same username every time, but user2 is the only person complaining of this behavior.
My php.ini settings for sessions are:
session.save_handler = files
session.save_path = /tmp
session.use_cookies = 1
session.name = HORDE
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /webmail
session.cookie_domain =
session.serialize_handler = php
session.gc_probability = 1
session.gc_maxlifetime = 1440
session.referer_check =
session.entropy_length = 0
session.entropy_file =
;session.entropy_length = 16
;session.entropy_file = /dev/urandom
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 1
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
And I am sure that the cookie_path matches up. Any suggestions at all would be very appreciated.
Thanks in advance,
William Tucker
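
Added example, not part of the original post and not Horde/IMP code: a small log check that flags the pattern in the snippet above, a logout for a user arriving from a different address than the one that logged that user in. The function names are this example's own, and the regex assumes the exact log line layout quoted in the post.

```python
import re
from datetime import datetime

# Sample input: the four log lines quoted in the post (already anonymised there).
SAMPLE_LOG = """\
Jan 27 19:46:42 HORDE [notice] [imp] Login success for user1 [1.1.1.1] to {pegasus.cc.ucf.edu:143} [on line 51 of "/web/horde_2/imp/redirect.php"]
Jan 27 19:48:12 HORDE [notice] [imp] Logout for user1 [2.2.2.2] from {pegasus.cc.ucf.edu:143} [on line 72 of "/web/horde_2/imp/login.php"]
Jan 27 19:48:22 HORDE [notice] [imp] Login success for user2 [2.2.2.2] to {pegasus.cc.ucf.edu:143} [on line 51 of "/web/horde_2/imp/redirect.php"]
Jan 27 19:48:33 HORDE [notice] [imp] Logout for user2 [2.2.2.2] from {pegasus.cc.ucf.edu:143} [on line 72 of "/web/horde_2/imp/login.php"]
"""

EVENT_RE = re.compile(
    r'^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) HORDE \[notice\] \[imp\] '
    r'(?P<kind>Login success|Logout) for (?P<user>\S+) \[(?P<ip>[^\]]+)\]'
)

def parse_events(text, year=2003):
    """Yield (timestamp, kind, user, ip) for each IMP login/logout line."""
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            # The log stamps carry no year; the caller supplies one (assumption).
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["kind"], m["user"], m["ip"]

def find_crossed_sessions(text):
    """Return logouts issued from an address other than the login address."""
    last_login = {}  # user -> (timestamp, ip) of that user's most recent login
    findings = []
    for ts, kind, user, ip in parse_events(text):
        if kind == "Login success":
            last_login[user] = (ts, ip)
        elif user in last_login:
            login_ts, login_ip = last_login.pop(user)
            if ip != login_ip:
                findings.append({
                    "user": user,
                    "login_ip": login_ip,
                    "logout_ip": ip,
                    "seconds_after_login": int((ts - login_ts).total_seconds()),
                })
    return findings

if __name__ == "__main__":
    for finding in find_crossed_sessions(SAMPLE_LOG):
        print(finding)
```

A mismatch is a lead rather than proof, since proxies and address changes also produce one; on the sample it reports only user1, whose logout came from user2's address.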