6.0.0-beta1
▾
Tasks
New Task
Search
Photos
Wiki
▾
Tickets
New Ticket
Search
dev.horde.org
Toggle Alerts Log
Help
11/7/25
H
istory
A
ttachments
C
omment
W
atch
Download
Comment on [#11550] cookie does not set path information and http status codes are wrong
*
Your Email Address
*
Spam protection
Enter the letters below:
. . __..__ . ..___ |_/ (__ | \| |[__ | \.__)|__/|__|[___
Comment
>> The cookie path is not set for horde webmailer, so the cookies are >> sent to every part of the domain. This causes the abbility to steal >> my login for other users of the server. > > Configure Horde correctly. > >> Also on logout the cookie is not destroyed. > > Which cookie? > >> And Horde does not use HTTP properly as defined in RFC 2616. >> I am not able to see if login was successfull because even on login >> failure there is sent a 200 OK response code. > > Which is perfectly correct. The login page is not a REST service.
Attachment
Watch this ticket
N
ew Ticket
M
y Tickets
S
earch
Q
uery Builder
R
eports
Saved Queries
Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers