6.0.0-beta13
▾
Tasks
New Task
Search
Photos
Wiki
▾
Tickets
New Ticket
Search
dev.horde.org
Toggle Alerts Log
Help
4/11/26
H
istory
A
ttachments
C
omment
W
atch
Download
Comment on [#9438] authentication fails via syncml
*
Your Email Address
*
Spam protection
Enter the letters below:
. .\ /.__ . .. . |\ | >< [__)| ||_/ | \|/ \[__)|/\|| \
Comment
> Jan, > > We still need the change to _checkAuthentication(). The reason for > it is in the patch I sent, but basically the Horde authentication > backend creates a new session id upon successful authentication. > This is standard good practice to avoid "session fixation", but > unfortunately SyncML relies on session fixation, because the client > specifies the session id, and the server has no way to request a new > id. > > So, you have to store the session id before authentication and reset > it after, unless you want to update the authentication backend to add > a parameter to suppress session regeneration. > > -- Logan
Attachment
Watch this ticket
N
ew Ticket
M
y Tickets
S
earch
Q
uery Builder
R
eports
Saved Queries
Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers