Found a problem with squirrelmail plugin and postfixadmin - if I make changes in "Forwarding", "Auto Response" or "Change Password", then click "Sign Out" and log in again, I can't access "Forwarding", "Auto Response" or "Change Password" anymore due to "ERROR You must be logged in to access this page."

I can reproduce this problem on Squirrelmail 1.4.21 and 1.4.22 with Postfixadmin 2.3.3 but can't reproduce it on Squirrelmail 1.4.15.


    Juri Gurjanov - 2011-08-18

    Forgot to say that if I close the browser window and log in again, I can access the plugin parts until some changes are made.

    Christian Boltz - 2011-08-21

    That sounds like a problem with the PHP session and/or session cookies.

    It would be helpful if you can find out the exact squirrelmail version that introduced the problem.
    The squirrelmail changelog [1] mentions various session-related changes for the 1.4.19 release, which sound like the best "candidate" for introducing the problem you describe.
    Can you please test/verify if
    - 1.4.19 contains the bug you mentioned
    - 1.4.18 works bug-free

    Knowing this will hopefully help to find the bug. (It might as well be a bug/regression in squirrelmail.)

    [1] http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog?revision=14139&view=markup

    Juri Gurjanov - 2011-08-25

    According to my test, the latest version without the problem is 1.4.17.

    Juri Gurjanov - 2011-08-25

    Actually, adding the following code at line 389 in squirrelmail/functions/global.php fixes the problem.

    sqsetcookie(session_name(), $_COOKIE[session_name()], 1, $base_uri . 'plugins/');
    sqsetcookie(session_name(), $_COOKIE[session_name()], 1, $base_uri . 'plugins');
    sqsetcookie(session_name(), $_COOKIE[session_name()], 1, $base_uri . 'plugins/postfixadmin');
    sqsetcookie(session_name(), $_COOKIE[session_name()], 1, $base_uri . 'plugins/postfixadmin/');

    Not sure what folder you use to store session cookies.

    Christian Boltz - 2011-08-26

    Giving only a line number as context is not really useful because it heavily depends on the version ;-)
    Please provide a "diff -u" (unified diff) patch.

    That said: This issue might be a bug in squirrelmail itself. Can you report it to the squirrelmail developers, please (with the patch included)? Then add a link to the squirrelmail bug report here.

    BTW: The path "plugins" and "plugins/" should be enough. "plugins/postfixadmin" is in theory more secure (because other plugins can't access the session cookie), but that's more a theoretical issue IMHO.
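
Added example, not part of the original thread and not SquirrelMail or Postfixadmin code: the cookie path scoping discussed in the last comment, modelled with the RFC 6265 path-match rule. The base URI `/squirrelmail/`, the cookie name `SESSID`, the file names and the plugin `otherplugin` are constructed for illustration.

```javascript
// RFC 6265 section 5.1.4 path-match: is a cookie with Path=cookiePath
// attached to a request for requestPath?
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts when it ends at a "/" boundary.
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Values the browser sends for requestPath, longest Path first
// (RFC 6265 section 5.4 ordering). Same-named cookies with different
// paths are separate jar entries and are all sent.
function cookiesFor(jar, requestPath) {
  return jar
    .filter((c) => pathMatch(requestPath, c.path))
    .sort((a, b) => b.path.length - a.path.length)
    .map((c) => c.value);
}

// Constructed jar: one session-cookie name stored under three scopes.
const BASE = '/squirrelmail/'; // assumed base URI
const jar = [
  { name: 'SESSID', value: 'root-scope', path: BASE },
  { name: 'SESSID', value: 'plugins-scope', path: BASE + 'plugins' },
  { name: 'SESSID', value: 'pfa-scope', path: BASE + 'plugins/postfixadmin' },
];

// Constructed request paths (file names are hypothetical).
const requests = [
  BASE + 'src/webmail.php',
  BASE + 'plugins/otherplugin/index.php',
  BASE + 'plugins/postfixadmin/forward.php',
];

function report() {
  return requests.map((p) => `${p} <- ${cookiesFor(jar, p).join(', ')}`);
}

console.log(report().join('\n'));
```

A cookie scoped to `plugins` reaches every plugin, while one scoped to `plugins/postfixadmin` reaches only that plugin. `plugins` and `plugins/` are also distinct jar entries, so each stored path has to be overwritten or expired separately.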


