[imp] IMP Login Issues With Internet Explorer

Adam Tauno Williams awilliam at opengroupware.us
Tue Jan 20 20:09:52 UTC 2015 

On Tue, 2015-01-20 at 14:31 -0500, Adam Tauno Williams wrote: 
> On Mon, 2015-01-19 at 15:40 -0500, Adam Tauno Williams wrote: 
> > On Mon, 2015-01-19 at 12:17 -0600, Andy Dorman wrote: 
> > > On 01/19/2015 11:12 AM, Adam Tauno Williams wrote:
> > > > Horde 5.2.3 / IMP 6.2.4
> > > > Firefox 31.20.0
> > > > Internet Explorer 11.0.13
> > > > Logging into my instance with Firefox [or Epiphany] works without
> > > > incident.
> > > > Logging into Internet Explorer fails, it just says authentication fails
> > > > and goes back to the login page.
> > > > Anyone else seen this?  There appears to be no errors, warnings, etc...
> > > Try clearing all your cookies for the login domain.  We will see this 
> > > often in Chrome & FF when testing subdomains like beta.mydomain.com and 
> > > then trying to login at mydomain.com.
> > Done, it didn't effect the problem.  And the same exact issue occurs in
> > compatibility mode.
> > The login is to a fully qualified hostname, but a domain/alias.
> Does a POST to /login.php with a HTTP/302 response with a location
> header of
> "http://horde_p.mormail.com/imp/dynamic.php?page=mailbox&u=195593741754bea9e98dbd4" 
>indicate that authentication was successful? 
> Then the GET request follows to
> "GET /imp/dynamic.php?page=mailbox&u=195593741754bea9e98dbd4" ang gets a
> HTTP/302 with a Location header back to the "login.php" page.  So I just
> got kicked out?
> Notably the GET request to /imp/dynamic does not contain a Cookie
> header.
> The Set-Cookie in the original HTTP/302 [in response to login.php] looks
> like -
> Set-Cookie: Horde=3k1r7gt07.....8rn9e2; path=/;
> domain=horde_p.example.com; HttpOnly
> Set-Cookie: horde_secret_key=3k1r7g.....em88rn9e2; path=/;
> domain=horde_p.example.com; httponly
> Set-Cookie: default_horde_view=deleted; expires=Thu, 01-Jan-1970
> 00:00:01 GMT; Max-Age=0; path=/; domain=horde_p.example.com

It would appear the issue is somehow related to cookies and session
persistence.  Setting "$conf['session']['use_only_cookies'] = false;"
allows login via Internet Explorer.

-- 
Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383
OpenGroupware Developer <http://www.opengroupware.us/>

More information about the imp mailing list