[imp] IMP Login Issues With Internet Explorer
Michael M Slusarz
slusarz at horde.org
Tue Jan 20 20:46:14 UTC 2015
Quoting Adam Tauno Williams <awilliam at opengroupware.us>:
>> Does a POST to /login.php with a HTTP/302 response with a location
>> header of
>> "http://horde_p.mormail.com/imp/dynamic.php?page=mailbox&u=195593741754bea9e98dbd4"
>> indicate that authentication was successful?
Yes.
>> Then the GET request follows to
>> "GET /imp/dynamic.php?page=mailbox&u=195593741754bea9e98dbd4" ang gets a
>> HTTP/302 with a Location header back to the "login.php" page. So I just
>> got kicked out?
>> Notably the GET request to /imp/dynamic does not contain a Cookie
>> header.
>> The Set-Cookie in the original HTTP/302 [in response to login.php] looks
>> like -
>> Set-Cookie: Horde=3k1r7gt07.....8rn9e2; path=/;
>> domain=horde_p.example.com; HttpOnly
>> Set-Cookie: horde_secret_key=3k1r7g.....em88rn9e2; path=/;
>> domain=horde_p.example.com; httponly
>> Set-Cookie: default_horde_view=deleted; expires=Thu, 01-Jan-1970
>> 00:00:01 GMT; Max-Age=0; path=/; domain=horde_p.example.com
>
> It would appear the issue is somehow related to cookies and session
> persistence. Setting "$conf['session']['use_only_cookies'] = false;"
> allows login via Internet Explorer.
That does sound like a cookie issue. But PHP handles setting cookies
on the browser-side, so that wouldn't be a Horde issue (and, as
mentioned before, I can't reproduce using cookies with IE 11).
michael
___________________________________
Michael Slusarz [slusarz at horde.org]
More information about the imp
mailing list