6.0.0-beta13
▾
Tasks
New Task
Search
Photos
Wiki
▾
Tickets
New Ticket
Search
dev.horde.org
Toggle Alerts Log
Help
4/11/26
H
istory
A
ttachments
C
omment
W
atch
Download
Comment on [#13448] horde_secret_key cookie does not use configured session timeout
*
Your Email Address
*
Spam protection
Enter the letters below:
__ .__ . ..___. . / `[__)|__|[__ | | \__.| | || |__|
Comment
> I'm not sure if this a bug or a feature, but according to > http://lists.horde.org/archives/horde/Week-of-Mon-20140203/050583.html it > seems it is not intentional: > > in pear/php/Horde/Secret.php, a cookie is set, and the lifetime of > the cookie is set to 0, which means it is removed when the browser is > closed. This can be seen as a security feature, however, it is not > consistent with the rest of the horde session, because its cookie > timeout is set according to $conf['session']['timeout']. Attached is > a small workaround that honours this configuration setting, and with > this the horde session expires at the same time as the horde_secret.
Attachment
Watch this ticket
N
ew Ticket
M
y Tickets
S
earch
Q
uery Builder
R
eports
Saved Queries
Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers