[imp] Fix for broken SQL session handlers since IMP 3.2.2
Errol Neal
eneal at dfi-intl.com
Tue Aug 17 12:34:56 PDT 2004
I've had this problem as well. I'm sort of confused as to how to fix the issue because I've always used DB based sessions in PGSQL until about the release of 3.2.2. Anybody else having the same issue below?
__________________________________________
Errol Uriel Neal Jr.
Network Administrator
DFI International, Inc.
1717 Pennsylvania Ave NW, Suite 1300
Washington, DC 20006
Tel (202)452-6955
Fax (202)452-6910
eneal at dfi-intl.com
www.dfi-intl.com
-----Original Message-----
From: imp-bounces at lists.horde.org [mailto:imp-bounces at lists.horde.org]On
Behalf Of Chuck Hagenbuch
Sent: Wednesday, August 11, 2004 11:52 PM
To: imp at lists.horde.org
Subject: Re: [imp] Fix for broken SQL session handlers since IMP 3.2.2
Quoting Michael Schout <mschout at gkg.net>:
> Apparently, this is the change that breaks SQL session handlers. If I
> remove the lines that were added in IMP 3.2.2, (the getCleanSession()
> call), then everything works perfectly.
>
> I dont know enough about the logic as to why this change was made in IMP
> 3.2.2, and I dont know why it breaks SQL sessions. But if I remove the
> getCleanSession() call, it fixes the problem.
No, it simply makes you vulnerable to session fixation attacks; the problem is
still there, routed around. Look later on in getCleanSession(); it calls
setupSessionHandler() to reinitialize custom session handlers.
Obviously that's
not working for you; you need to find out why.
-chuck
--
"Regard my poor demoralized mule!" - Juan Valdez
--
IMP mailing list - Join the hunt: http://horde.org/bounties/#imp
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: imp-unsubscribe at lists.horde.org
More information about the imp
mailing list