Hi Peter,

Thanks for the report.

However, this bug is not related to our cookie policy.

We just use cookies in our left object's browser tree for persistance, and in our unit tests. Both are external libraries (xloadtree and selenium) and do not deal with authentication.

The only place we work on $_COOKIE is to strip slashes from it if the magic_quotes_gpc is on. This problem is related to the php configuration that uses cookies to keep track of the SESSIONID. So if user are disabling cookies, php can't find their session anymore.

So we should either :
1/ add some more tips in our INSTALL/FAQ
2/ get the php session conf and if cookies are used for SESSIONID, check if they are enabled in the browser side
3/ try to give a better error message when login fail, giving tips about cookies

I would prefer 1 or 3.