6.0.0-beta1
7/6/25

[#9024] DIMP initialises IMP session
Summary DIMP initialises IMP session
Queue DIMP
Queue Version 1.1.4
Type Bug
State Resolved
Priority 1. Low
Owners slusarz (at) horde (dot) org
Requester Valentin.Vidic (at) carnet (dot) hr
Created 05/13/2010 (5533 days ago)
Due
Updated 05/13/2010 (5533 days ago)
Assigned 05/13/2010 (5533 days ago)
Resolved 05/13/2010 (5533 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch Yes

History
05/13/2010 09:55:53 PM Michael Slusarz Comment #4
State ⇒ Resolved
Reply to this comment
Fixed in IMP 4.3.8 and DIMP 1.1.5.
05/13/2010 09:55:36 PM CVS Commit Comment #3 Reply to this comment
Changes have been made in CVS for this ticket:

Bug: 9024
Submitted by: Valentin.Vidic@CARNet.hr
Don't set viewmode if session is not active.
http://cvs.horde.org/diff.php/dimp/lib/base.php?rt=horde&r1=1.33.2.9&r2=1.33.2.10&ty=u
05/13/2010 09:53:04 PM CVS Commit Comment #2 Reply to this comment
Changes have been made in CVS for this ticket:

Bug: 9024
Submitted by: Valentin.Vidic@CARNet.hr
Don't set viewmode if session is not active.
http://cvs.horde.org/diff.php/imp/lib/base.php?rt=horde&r1=1.79.10.21&r2=1.79.10.22&ty=u
05/13/2010 03:21:46 PM Jan Schneider Assigned to Michael Slusarz
State ⇒ Assigned
 
05/13/2010 01:49:09 PM Valentin (dot) Vidic (at) carnet (dot) hr Comment #1
Priority ⇒ 1. Low
Type ⇒ Bug
Summary ⇒ DIMP initialises IMP session
Queue ⇒ DIMP
Milestone ⇒
Patch ⇒ Yes
New Attachment: dimp_session.diff Download
State ⇒ Unconfirmed
Reply to this comment
Accessing https://webmail.host/dimp/ without being logged in redirects 
to Horde login screen. After logging in /dimp/index.php is opened 
again but this time IMP session is missing. Another redirect happens 
here, this time to /imp/redirect.php. Finally /imp/redirect.php 
forwards to /imp/login.php with logout_reason=failed. This final 
redirect happens here:

/* If we already have a session: */
if (isset($_SESSION['imp']) && is_array($_SESSION['imp'])) {
     /* Make sure that if a username was specified, it is the current
      * username. */
     if (($imapuser !== null && ($imapuser != $_SESSION['imp']['user'])) ||
         ($pass !== null && ($pass != 
Secret::read(Secret::getKey('imp'), $_SESSION['imp']['pass'])))) {

         /* Disable the old session. */
         unset($_SESSION['imp']);
         _redirect(Auth::addLogoutParameters(IMP::logoutUrl(), 
AUTH_REASON_FAILED));
     }

Problem is that DIMP initializes $_SESSION['imp'] with

    $_SESSION['imp']['viewmode'] = 'dimp'

but the rest of the session is missing so IMP thinks something went 
wrong. Attached patch fixes this causing DIMP to update the session 
only if it's already initialized.

Saved Queries