[imp] Re: Session ID Duplicates
Jacob Davida
jacob-news at davida.com
Tue Nov 25 08:25:04 PST 2003
Hello,
I'm not quite sure, but I believe you can help this problem by changing
the sessions to store the customer IP's. I'm not sure if this is implemented
in your version or if it will fix the problem, but it's somethign to try.
Here's the snippit from the conf.php file
// Should we use always store and validate the IP address of the client (as
// seen by the web server) in the session? Doing so will help increase
// security by ensuring that an attacker from another host can not try to
// hijack the session. Either true or false.
$conf['auth']['checkip'] = false;
I'm using Horde, Imp, CVS HEAD, it's in /horde/config/conf.php
- Jacob
"meei you lee" <meeilee at stanford.edu> wrote in message
news:ADELIPBDGFIFKBALPCIJIEJPCAAA.meeilee at stanford.edu...
> We are using IMP webmail. We have horede-2.23., imp-3.2.1.and Apache
> 2.47 installed . PHP 4.3.2 is built as a apache dso module. We have
> three separate dedicated web servers to serve user's requests . Each
> web server is running on its Linux box. These three web serves are
> load balanced and shared MYSQL database as session storage. MYSQL is
> running on its Linux.
>
>
> Once in a while we received complains from user that they can view
> other people's mailbox even they were authenticated as themselves. We
> suspect it is sessionID duplicates( each webmail application manages
> its own session and does not share session information with each other)
> Does anyone has experienced the same problem? If so how to solve the
> problem ?
>
>
> Thanks
> MeeiYou
>
>
> --
> IMP mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: imp-unsubscribe at lists.horde.org
>
More information about the imp
mailing list