[imp] imp CVS, hordeauth / auto login and secure request token checker thing

Chuck Hagenbuch chuck at horde.org
Fri Mar 7 23:17:26 UTC 2008


Quoting Liam Hoekenga <liamr at umich.edu>:

> I installed HEAD.  We use a custom auth handler, and have hordeauth set to
> true in imp/servers.php
>
> We're entering the application through https://mail.example.edu/horde/,
> and now we're getting..
>
> "It cannot be verified that this request was really sent by you. It could
> be a potentially malicious request."
>
> How do we fix this?  How do we provide required tokens to let us in, or
> how do we turn this off?

There aren't currently tokens on login - can you dig a bit into this?  
The only way you should get a token error on that URL is if Horde  
thinks you're logging out. It's be helpful to know the code path that  
is triggering.

-chuck


More information about the imp mailing list