Tickets :: Comment on [#3386] logouts due to imp

* Your Email Address
* Spam protection	Enter the letters below: .__..__ . .._.. . \| \|[ __\|\ \| \| \|_/ \|__\[_./\| \\|_\|_\| \
Comment	> we're using horde 3.0.5, imp 4.0.4, turba 2.0.4, and ingo 1.0.2 for > webmail, and running into a variety of cases where users are logged > out prematurely. > > > > we've tracked one of these cases to imp_key cookies timing out before > the Horde session cookie. when this happens, decryption of > $_SESSION['imp']['pass'] results in garbage, IMAP login fails, and > the user gets punted back to the login screen with a "Login failed" > error. we also get some interesting log entries (appended below). > > > > one obvious reason why this can happen is that the imp_key cookie is > set on the login screen, but the Horde cookie is reset (in > lib/Horde.php) after login. if the browser sits at the login screen > for a while (e.g. machines in a lab), the imp_key and Horde cookie > expirations may get quite out of sync. > > > > the attached patch extends all _key cookies when the Horde cookie > gets reset if $conf['session']['timeout'] is non-zero. this may not > be the best solution, but it seems to work for me. > > > > Jan 31 15:59:10 pitchblende.usg.tufts.edu HORDE[21748]: [ID 800047 > local4.error] [imp] FAILED LOGIN 130.64.202.238 to > imap.tufts.edu:993[imap/ssl] as mryan01 [on line 237 of > "/usr/local/apache/htdocs/horde/imp/lib/Auth/imp.php"] > > Jan 31 15:59:10 pitchblende.usg.tufts.edu > ZZZZZZ\217<CC>\204\204\204ZZZZ[21748]: [ID 800047 local4.notice] PHP > Notice: (null)(): Authentication failed (errflg=1) in Unknown on > line 0 > > Jan 31 15:59:10 pitchblende.usg.tufts.edu last message repeated 2 times > > Jan 31 15:59:10 pitchblende.usg.tufts.edu > ZZZZZZ*\217<CC>\204\204\204ZZZZ[21748]: [ID 800047 local4.notice] PHP > Notice: (null)(): Too many login failures (errflg=2) in Unknown on > line 0
Attachment
Watch this ticket

Saved Queries