Tickets :: [#11550] cookie does not set path information and http status codes are wrong

Summary	cookie does not set path information and http status codes are wrong
Queue	Horde Groupware
Queue Version	4.0.8
Type	Bug
State	No Feedback
Priority	2. Medium
Owners
Requester	best (at) univention (dot) de
Created	10/18/2012 (4620 days ago)
Due
Updated	11/26/2012 (4581 days ago)
Assigned	10/18/2012 (4620 days ago)
Resolved	11/26/2012 (4581 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch	No

11/26/2012 11:30:56 AM	Jan Schneider	State ⇒ No Feedback

10/18/2012 01:07:50 PM	Jan Schneider	Comment #2 State ⇒ Feedback	Reply to this comment
The cookie path is not set for horde webmailer, so the cookies are sent to every part of the domain. This causes the abbility to steal my login for other users of the server. Configure Horde correctly. Also on logout the cookie is not destroyed. Which cookie? And Horde does not use HTTP properly as defined in RFC 2616. I am not able to see if login was successfull because even on login failure there is sent a 200 OK response code. Which is perfectly correct. The login page is not a REST service.

10/18/2012 12:00:55 PM	best (at) univention (dot) de	Comment #1 Priority ⇒ 2. Medium Patch ⇒ No Milestone ⇒ Queue ⇒ Horde Groupware Summary ⇒ cookie does not set path information and http status codes are wrong Type ⇒ Bug State ⇒ Unconfirmed	Reply to this comment
The cookie path is not set for horde webmailer, so the cookies are sent to every part of the domain. This causes the abbility to steal my login for other users of the server. Also on logout the cookie is not destroyed. And Horde does not use HTTP properly as defined in RFC 2616. I am not able to see if login was successfull because even on login failure there is sent a 200 OK response code. i would like to see changes in horde 4.0.9