Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#86 multiple logins at once, identity problems

open
None
7
2003-03-11
2003-03-02
Miha Verlic
No

If I open two or more tabs in mozilla, and login to
several different usernames at once, squirrelmail seems
to mix up their identities... ie: I send mail from
second account in second window, but it seems like mail
is sent from first one (based on from: field). This is
probably cookie related.

You can easily reproduce this, by setting multiple
identities to one of the account. Then simply login to
both accounts at once, and click compose in both
windows - you'll see that squirrelmail will use compose
info from first account.

Tested with squirrelmail 1.2.11 and 1.4.0 RC2a, under
apache & php 4.2.3 & 4.3.1, with mozilla 1.2.1

--Miha

Discussion

  • Logged In: YES
    user_id=285765

    Maybe include the username in the cookiename?
    In stead of SQMSESSION use SQMSESSION_kink ?

     
    • priority: 5 --> 7
     
    • assigned_to: nobody --> jangliss
     
  • Logged In: YES
    user_id=620333

    I'm trying to work out a possible solution with this problem
    at the moment. Thanks for reporting it. kink, if using
    username in session, how do you propose we find the session
    details?

     
  • Logged In: YES
    user_id=285765

    I admit, stupid suggestion, never mind me %-)

     
  • Logged In: YES
    user_id=285765

    I think that if you're opening two accounts from the same
    browser, you can hardly expect that to go right. Jon, do you
    have a solution for this problem in sight?

     
  • Logged In: YES
    user_id=620333

    Not likely in the near 1.2 or 1.4 branch... maybe if I get a
    while, I can sit and hack apart the pages... but would take
    a lot of work... And it is likely to break a lot of plugins
    at the same time. It is on the books as a major fix thing
    for 1.5 as we'll be able to seriously bash the code apart
    then as it is devel :)

    I'll have to see if I can do some major work in 1.2, and 1.4
    to see how workable it is.

     
    • assigned_to: jangliss --> nobody
     
    • assigned_to: nobody --> jangliss
     
  • Micah Morton
    Micah Morton
    2003-04-15

    Logged In: YES
    user_id=682070

    Is this something that can be tested simply by specifying
    that with conf.pl? like SQMSESSION_$username ?? seems like
    that might work, maybe I'll give that a whack. Also.. FYI:
    I can reproduce this without a hitch on the same browser NOT
    at the same time. Let me know if you would like me to try
    more things with this. I am willing and able.

    I have gotten this in both 1.2.11 as well as 1.4.0 stable.

    I too agree that this is cookie related.

    How about flushing any existing cookie upon redirect.php
    signing somebody in. Right before the cookie is inserted,
    just do a quick flush.

    Thanks,
    Micah

     
  • Logged In: YES
    user_id=620333

    If the session name is setup like that, how do you work out
    the session name? $username is stored in the session, so
    you have to start it to fetch it. My plan was the session
    id in the URL. It's all in my plans ;)

    As for the cookie being destroyed on redirect, they should
    in fact be being killed on the login page, so if you go to
    the login page, it should kill the session.