[imp] Fix for broken SQL session handlers since IMP 3.2.2
Chuck Hagenbuch
chuck at horde.org
Wed Aug 11 20:52:12 PDT 2004
Quoting Michael Schout <mschout at gkg.net>:
> Apparently, this is the change that breaks SQL session handlers. If I
> remove the lines that were added in IMP 3.2.2, (the getCleanSession()
> call), then everything works perfectly.
>
> I dont know enough about the logic as to why this change was made in IMP
> 3.2.2, and I dont know why it breaks SQL sessions. But if I remove the
> getCleanSession() call, it fixes the problem.
No, it simply makes you vulnerable to session fixation attacks; the problem is
still there, routed around. Look later on in getCleanSession(); it calls
setupSessionHandler() to reinitialize custom session handlers.
Obviously that's
not working for you; you need to find out why.
-chuck
--
"Regard my poor demoralized mule!" - Juan Valdez
More information about the imp
mailing list