[imp] Token lifetimes (was Re: EMERG: HORDE Diese Anfrage konnte nicht durchgeführt werden)
Michael M Slusarz
slusarz at horde.org
Sun Nov 3 21:30:02 UTC 2013
Quoting Samuel Wolf <samuel at sheepflock.de>:
> Quoting Michael M Slusarz <slusarz at horde.org>:
>
>> Quoting Samuel Wolf <samuel at sheepflock.de>:
>>
>>> Quoting Michael M Slusarz <slusarz at horde.org>:
>>>
>>>> Quoting samuel at sheepflock.de:
>>>>
>>>>> Hi,
>>>>>
>>>>> I updated yesterday to the current horde release (horde 5.1.5, imp
>>>>> 6.1.5,..) and see this error today when I print a mail:
>>>>> 2013-10-30T15:16:49+00:00 EMERG: HORDE [imp] Diese Anfrage konnte
>>>>> nicht durchgeführt werden, weil der Link oder das Formular, das Sie
>>>>> abgeschickt haben, nur 30 Minuten gültig war. Bitte versuchen Sie es
>>>>> jetzt noch einmal. [pid 18110 on line 167 of
>>>>> "/usr/share/php/Horde/Token/Base.php"]
>>>>>
>>>>> Switch Horde app, mail folder or message (sorry, cannot remember) and
>>>>> it works again.
>>>>> Does somebody have an idea what went wrong?
>>>>> Some timeout, because it worked for hours before...
>>>>
>>>> Increase your token timeout.
>>>
>>> This one?
>>> conf.php:$conf['urls']['token_lifetime'] = 30;
>>
>> Yes.
>
> I must increase the timeout to 720 minutes, 120 minutes was not enough,
> the users come to me with the timeout printouts of mails.

See the discussion on the dev@ list. Additionally, nobody has come
forward with any evidence that changing token lifetimes adds any
appreciable security.

I've already committed code that changes token production/changing in
IMP 6.1.6 to stop using the Horde_Token library and instead use the
hard-coded, never expiring session-length token that we already
generate so that would fix this issue without having to change
configuration settings.

michael

___________________________________
Michael Slusarz [slusarz at horde.org]
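
An added illustration, not part of the original message and not Horde or IMP code: a generic timestamped form token checked against the lifetimes mentioned in the thread (30, 120 and 720 minutes), beside a token that stays valid for as long as the session exists. The function names, token format and sample times are assumptions made for this example.

```php
<?php
// Hypothetical helpers for illustration only; this is not the Horde_Token API.

// Timed token: random nonce plus issue time, authenticated with a server secret.
function issueTimedToken(string $secret, int $now): string
{
    $nonce = bin2hex(random_bytes(8));
    $mac = hash_hmac('sha256', "{$nonce}.{$now}", $secret);
    return "{$nonce}.{$now}.{$mac}";
}

// Returns 'ok', 'expired' or 'invalid' for a token checked at time $now.
function checkTimedToken(string $secret, string $token, int $now, int $lifetimeMin): string
{
    $parts = explode('.', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[1])) {
        return 'invalid';
    }
    [$nonce, $issued, $mac] = $parts;
    $expected = hash_hmac('sha256', "{$nonce}.{$issued}", $secret);
    if (!hash_equals($expected, $mac)) {
        return 'invalid';               // forged or tampered token
    }
    return ($now - (int) $issued > $lifetimeMin * 60) ? 'expired' : 'ok';
}

// Session-length token: one random value kept in the session and compared
// in constant time; it is valid until the session itself ends.
function checkSessionToken(array $session, string $token): string
{
    return isset($session['token']) && hash_equals($session['token'], $token)
        ? 'ok' : 'invalid';
}

$secret   = random_bytes(32);
$session  = ['token' => bin2hex(random_bytes(16))];
$issuedAt = 1383000000;                 // constructed time: message view rendered
$timed    = issueTimedToken($secret, $issuedAt);

// Constructed scenario: the user prints the message N minutes after opening it.
foreach ([10, 45, 180, 800] as $ageMin) {
    $now = $issuedAt + $ageMin * 60;
    foreach ([30, 120, 720] as $lifetime) {
        printf("open %3d min, lifetime %3d min: timed token %s\n",
            $ageMin, $lifetime, checkTimedToken($secret, $timed, $now, $lifetime));
    }
    printf("open %3d min: session token %s\n",
        $ageMin, checkSessionToken($session, $session['token']));
}
```

A message view left open longer than the configured lifetime fails the timed check whatever value is chosen, while the session-bound token only stops validating when the session ends.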