This fixes things for me.

Next attempt...

Changes have been made in Git for this ticket:

Bug #9085: Destroying a session counts as a clean session

http://git.horde.org/diff.php/framework/Core/lib/Horde/Registry.php?rt=horde-git&r1=40c3c5f412af1f752b3bf42884aed3117eb07445&r2=372196c52889c31692bbbf2024538192805be3f7

... ah, and now it's only happening after logout, not when navigating 
to the login page the first time, so to speak.

Now, at least, I'm only seeing the warning once, but it's still there.

Try this.

Changes have been made in Git for this ticket:

Bug #9085: Only reset session ID once per page load

http://git.horde.org/diff.php/framework/Core/lib/Horde/Registry.php?rt=horde-git&r1=182c2abfa25d3cdc6c6a23a3771a6886dcdcde7e&r2=8e3e0edc6bb2e6460aa8f22da9372ee40d3f988e

Since these changes, I'm now seeing:

Warning: session_regenerate_id() [function.session-regenerate-id]: 
Cannot regenerate session id - headers already sent in 
/usr/local/horde/horde/framework/Core/lib/Horde/Registry.php on line 
1582

on the login page.

Trace:

1        0.0027        782592        {main}( )        ../login.php:0
2        0.1840        8413552        require( 
'/usr/local/horde/horde/horde/templates/login/login.inc' 
)        ../login.php:315
3        0.1852        8414088        Horde_Notification_Handler->notify( $options = array 
('listeners' => 'status') )        ../login.inc:15
4        0.1853        8414712        Horde_Notification_Handler_Decorator_Alarm->notify( 
$options = array ('listeners' => array (0 => 'status')) 
)        ../Handler.php:284
5        0.1853        8414712        Horde_Alarm->notify( $user = 'mike', $load = ???, 
$preload = ???, $exclude = ??? )        ../Alarm.php:54
6        0.1854        8415072        Horde_Alarm->listAlarms( $user = 'mike', $time = 
NULL, $load = TRUE, $preload = TRUE )        ../Alarm.php:457
7        0.1864        8444504        Horde_Alarm->load( $user = 'mike', $preload = TRUE 
)        ../Alarm.php:177
8        0.1879        8583720        Horde_Registry->listApps( $filter = NULL, $assoc = 
FALSE, $perms = 4 )        ../Alarm.php:117
9        0.3768        14849736        Horde_Registry->hasPermission( $app = 'ansel', 
$perms = 4 )        ../Registry.php:618
10        0.3769        14850048        Horde_Registry->isAuthenticated( $options = array 
('app' => 'ansel') )        ../Registry.php:1222
11        0.3769        14850128        Horde_Registry->getCleanSession( )        ../Registry.php:1676
12        0.3769        14850224        session_regenerate_id ( TRUE )        ../Registry.php:1582

The only system that I've seen so far that was affected by 
side-effects of this issue also relies on checkAuthentication() 
working properly, so I can't update it yet.

How about this?

Changes have been made in Git for this ticket:

Bug #9085: get clean session if doing transparent auth in a non 
authenticated Horde session

http://git.horde.org/diff.php/framework/Core/lib/Horde/Registry.php?rt=horde-git&r1=26a33b08c4d70abca71dc606d6669f2d0ec59f53&r2=7869819cbfd94103184a404de1ba08b10b9d0b7c

When authenticating a user through transparent authentication, 
getCleanSession() is not called, making the session vulnerable to 
session fixation and other side-effects.