Fri, 10 Apr 2026 19:46:48 +0000 https://bugs.horde.org/ticket/11550 cookie does not set path information and http status codes are wrong The cookie path is not set for horde webmailer, so the cookies are sent to every part of the domain. This causes the abbility to steal my login for other users of the server. Also on logout the cookie is not destroyed. And Horde does not use HTTP properly as defined in RFC 2616. I am not able to see if login was successfull because even on login failure there is sent a 200 OK response code. i would like to see changes in horde 4.0.9 Thu, 18 Oct 2012 12:00:55 +0000 https://bugs.horde.org/ticket/11550#t73836 > The cookie path is not set for horde webmailer, so the cookies are > sent to every part of the domain. This causes the abbility to steal > my login for other users of the server. Configure Horde correctly. > Also on logout the cookie is not destroyed. Which cookie? > And Horde does not use HTTP properly as defined in RFC 2616. > I am not able to see if login was successfull because even on login > failure there is sent a 200 OK response code. Which is perfectly correct. The login page is not a REST service. Thu, 18 Oct 2012 13:07:50 +0000 https://bugs.horde.org/ticket/11550#t73851