
[#11550] cookie does not set path information and http status codes are wrong
Summary cookie does not set path information and http status codes are wrong
Queue Horde Groupware
Queue Version 4.0.8
Type Bug
State No Feedback
Priority 2. Medium
Owners
Requester best (at) univention (dot) de
Created 10/18/2012 (4620 days ago)
Due
Updated 11/26/2012 (4581 days ago)
Assigned 10/18/2012 (4620 days ago)
Resolved 11/26/2012 (4581 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch No

History
11/26/2012 11:30:56 AM Jan Schneider State ⇒ No Feedback
 
10/18/2012 01:07:50 PM Jan Schneider Comment #2
State ⇒ Feedback
> The cookie path is not set for horde webmailer, so the cookies are
> sent to every part of the domain. This causes the ability to steal
> my login for other users of the server.

Configure Horde correctly.

> Also on logout the cookie is not destroyed.

Which cookie?

> And Horde does not use HTTP properly as defined in RFC 2616.
> I am not able to see if login was successful because even on login
> failure there is sent a 200 OK response code.

Which is perfectly correct. The login page is not a REST service.
10/18/2012 12:00:55 PM best (at) univention (dot) de Comment #1
Priority ⇒ 2. Medium
Patch ⇒ No
Milestone ⇒
Queue ⇒ Horde Groupware
Summary ⇒ cookie does not set path information and http status codes are wrong
Type ⇒ Bug
State ⇒ Unconfirmed
The cookie path is not set for horde webmailer, so the cookies are 
sent to every part of the domain. This causes the ability to steal my 
login for other users of the server.

Also on logout the cookie is not destroyed.

And Horde does not use HTTP properly as defined in RFC 2616.
I am not able to see if login was successful because even on login 
failure there is sent a 200 OK response code.

I would like to see changes in horde 4.0.9
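
The cookie scope discussed in this ticket can be checked from a captured `Set-Cookie` value using the RFC 6265 path-match and default-path rules. This is an added example, not code from the ticket or from Horde; the cookie name and value, the `/horde` base path and the other request paths are constructed sample values.

```python
from http.cookies import SimpleCookie

def path_match(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 section 5.1.4 path-match."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # Prefix only counts at a "/" boundary, so /hordeother does not match /horde.
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

def default_path(request_path: str) -> str:
    """RFC 6265 default-path, applied when Set-Cookie has no Path attribute."""
    if not request_path.startswith("/") or request_path.count("/") == 1:
        return "/"
    return request_path[: request_path.rfind("/")]

def audit(set_cookie: str, setting_url_path: str, app_base: str, other_paths):
    """Map each cookie name to (effective path, request paths outside
    app_base on the same host that would still receive the cookie)."""
    jar = SimpleCookie()
    jar.load(set_cookie)  # header value only, without the "Set-Cookie:" prefix
    results = {}
    for name, morsel in jar.items():
        effective = morsel["path"] or default_path(setting_url_path)
        exposed = [p for p in other_paths
                   if path_match(p, effective) and not path_match(p, app_base)]
        results[name] = (effective, exposed)
    return results

if __name__ == "__main__":
    # Constructed sample data: a webmail install under /horde sharing a host
    # with other users' content.
    others = ["/horde/imp/", "/~other/app.php", "/hordeother/x"]
    for header in ("Horde=abc123; path=/; HttpOnly",
                   "Horde=abc123; path=/horde; HttpOnly",
                   "Horde=abc123"):
        print(header, "->", audit(header, "/horde/login.php", "/horde", others))
```

A cookie scoped to `/` is reported as reaching the two paths outside `/horde`, while one scoped to `/horde` (explicitly or by default-path) reaches none of them.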
