[imp] Suspected sesssion problem
Rob Lineweaver
rlineweaver at harrisonburg.k12.va.us
Fri Sep 12 08:34:46 PDT 2003
Quoting Lachlan Cameron-Smith <lachlan.cameronsmith at adelaide.edu.au>:
>
> We've had a report of a user logging in to IMP (I'll call them user X)
> and finding themself in another user's mailbox (I'll call this user Y).
> No login is recorded in our horde.log for either user at the time. An
> e-mail was sent during this login session using the Problem Report link
> which says it was sent by user Y. We're running Horde 2.2.3 and IMP
> 3.2.1. Is this the kind of problem which should be fixed by upgrading to
> Horde 2.2.4 and IMP 3.2.2 (specifically the change in the release notes
> for IMP 3.2.2 which refers to session issues) or should I be looking
> elsewhere?
The only time I've seen an issue like this is when a site administrator had
distributed to a number of workstations a bookmark/shortcut that included a
horde session ID in the URL. That, combined with users just closing their
browser instead of logging out first allowed other users to inadvertently
hijack an existing session. So the first thing to check would be the URL they
are using to access your Horde installation.
Good luck,
Rob Lineweaver
Network Administrator
Harrisonburg City Public Schools
--
Keyboard not found!
Press F1 to enter Setup
More information about the imp
mailing list