[imp] Fwd: Chuck,
what am I doing wrong? Why won't anyone respond to this question?
Michael Yingbull
mbull at uoguelph.ca
Wed Aug 11 08:16:05 PDT 2004
On 10-Aug-04, at 5:44 PM, John Schneider wrote:
> Thanks for responding. I certainly don't have a lab full of computers
> with
> session Ids bookmarked. But, I do have about 200 users and perhaps
> some of
> them have bookmarked the site at a time when a session ID was present
> in the
> URL.
>
> I checked with the users that experienced this problem. So far the
> user that
> logged in a got a different user's mailbox replied back and DID have a
> session ID in the URL...
> http://webmail.domain.com/horde/imp/login.php?
> Horde=8e13e5f741680fcc8fbc062d
> f9d2bcc4
>
> The user whose mailbox was viewed did not yet reply. The user whose
> mailbox
> was viewed WAS logged in just before or at about the time this
> happened and
> was setting a vacation notice with SORK.
>
We solved that problem here by forcing sessions to cookies, as Magnus
wrote. The only thing that would prevent this would be mapping
sessions to the IP using them (TMK) - IMP used to have this feature,
but it was removed (perhaps because there is another method of
resolving this that I'm not familiar with).
If you force Horde/IMP to use cookies, your problem should go away.
We had no real issue with forcing people to cookies with our users,
overall.
--
Michael Yingbull
More information about the imp
mailing list