This bug can only be observed and reproduced as follows: Squirrelmail setup with login_auth. Version of ./functions/global.php => 1.4.16. Browser that allows you to see all the values of cookie, such as the "view cookies" add-on for Firefox. Browser must be fully closed down between each attempt to view problem.
Our mail server has http_auth via ldap at the top of the web root, so we can log in without accessing squrrelmail yet. At this point, on our server, we have neither a session nor a cookie set yet. Go to the webmail link, and after a short delay, end up on /src/redirect.php with an "unknown user or incorrect password" error. At this point both a session (with correct values set by login_auth) and a cookie exists, but the path for the cookie is set to "/webmail/src/". Click on the "go to login page" link and you are then automatically logged in, a new session is created, the old one is deleted, and a new cookie with the correct path ("/webmail/") is set.
Tracing through the code it would appear that the reason why the first cookie is set with the wrong path is because sqm_baseuri is not called either by, or before, the sqsession_start function. When I add $base_uri = $sqm_baseuri(); as the second line of code to the sqsession_start function. I am not sure if this is the right place, but it fixes the problem, so someone with a better understanding of squirrelmail than me needs to figure out it sqm_baseuri should be getting called somewhere else.
Log in to post a comment.