Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#86 multiple logins at once, identity problems

open
None
7
2003-03-11
2003-03-02
Miha Verlic
No

If I open two or more tabs in mozilla, and login to
several different usernames at once, squirrelmail seems
to mix up their identities... ie: I send mail from
second account in second window, but it seems like mail
is sent from first one (based on from: field). This is
probably cookie related.

You can easily reproduce this, by setting multiple
identities to one of the account. Then simply login to
both accounts at once, and click compose in both
windows - you'll see that squirrelmail will use compose
info from first account.

Tested with squirrelmail 1.2.11 and 1.4.0 RC2a, under
apache & php 4.2.3 & 4.3.1, with mozilla 1.2.1

--Miha

Discussion

1 2 > >> (Page 1 of 2)
  • Logged In: YES
    user_id=285765

    Maybe include the username in the cookiename?
    In stead of SQMSESSION use SQMSESSION_kink ?

     
    • priority: 5 --> 7
     
    • assigned_to: nobody --> jangliss
     
  • Logged In: YES
    user_id=620333

    I'm trying to work out a possible solution with this problem
    at the moment. Thanks for reporting it. kink, if using
    username in session, how do you propose we find the session
    details?

     
  • Logged In: YES
    user_id=285765

    I admit, stupid suggestion, never mind me %-)

     
  • Logged In: YES
    user_id=285765

    I think that if you're opening two accounts from the same
    browser, you can hardly expect that to go right. Jon, do you
    have a solution for this problem in sight?

     
  • Logged In: YES
    user_id=620333

    Not likely in the near 1.2 or 1.4 branch... maybe if I get a
    while, I can sit and hack apart the pages... but would take
    a lot of work... And it is likely to break a lot of plugins
    at the same time. It is on the books as a major fix thing
    for 1.5 as we'll be able to seriously bash the code apart
    then as it is devel :)

    I'll have to see if I can do some major work in 1.2, and 1.4
    to see how workable it is.

     
    • assigned_to: jangliss --> nobody
     
    • assigned_to: nobody --> jangliss
     
  • Micah Morton
    Micah Morton
    2003-04-15

    Logged In: YES
    user_id=682070

    Is this something that can be tested simply by specifying
    that with conf.pl? like SQMSESSION_$username ?? seems like
    that might work, maybe I'll give that a whack. Also.. FYI:
    I can reproduce this without a hitch on the same browser NOT
    at the same time. Let me know if you would like me to try
    more things with this. I am willing and able.

    I have gotten this in both 1.2.11 as well as 1.4.0 stable.

    I too agree that this is cookie related.

    How about flushing any existing cookie upon redirect.php
    signing somebody in. Right before the cookie is inserted,
    just do a quick flush.

    Thanks,
    Micah

     
1 2 > >> (Page 1 of 2)