6.0.0-beta1
▾
Tasks
New Task
Search
Photos
Wiki
▾
Tickets
New Ticket
Search
dev.horde.org
Toggle Alerts Log
Help
11/8/25
H
istory
A
ttachments
C
omment
W
atch
Download
Comment on [#3386] logouts due to imp_key cookie timeouts.
*
Your Email Address
*
Spam protection
Enter the letters below:
__ ._..__..__ . . / ` | | || \|__| \__._|_|__||__/| |
Comment
>> we're using horde 3.0.5, imp 4.0.4, turba 2.0.4, and ingo 1.0.2 for > >> webmail, and running into a variety of cases where users are logged > >> out prematurely. > >> > >> we've tracked one of these cases to imp_key cookies timing out before > >> the Horde session cookie. when this happens, decryption of > >> $_SESSION['imp']['pass'] results in garbage, IMAP login fails, and > >> the user gets punted back to the login screen with a "Login failed" > >> error. we also get some interesting log entries (appended below). > >> > >> one obvious reason why this can happen is that the imp_key cookie is > >> set on the login screen, but the Horde cookie is reset (in > >> lib/Horde.php) after login. if the browser sits at the login screen > >> for a while (e.g. machines in a lab), the imp_key and Horde cookie > >> expirations may get quite out of sync. > > > > I've implemented some code (currently only in HEAD) to deal with this > - the code has been cleaned up somewhat from what you submitted. > See: > http://lists.horde.org/archives/cvs/Week-of-Mon-20060227/055354.html > > > > Could you see if this works for you?
Attachment
Watch this ticket
N
ew Ticket
M
y Tickets
S
earch
Q
uery Builder
R
eports
Saved Queries
Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers