#86 multiple logins at once, identity problems

Miha Verlic

If I open two or more tabs in mozilla, and login to
several different usernames at once, squirrelmail seems
to mix up their identities... ie: I send mail from
second account in second window, but it seems like mail
is sent from first one (based on from: field). This is
probably cookie related.

You can easily reproduce this, by setting multiple
identities to one of the account. Then simply login to
both accounts at once, and click compose in both
windows - you'll see that squirrelmail will use compose
info from first account.

Tested with squirrelmail 1.2.11 and 1.4.0 RC2a, under
apache & php 4.2.3 & 4.3.1, with mozilla 1.2.1



  • Thijs Kinkhorst

    Thijs Kinkhorst - 2003-03-04

    Logged In: YES

    Maybe include the username in the cookiename?
    In stead of SQMSESSION use SQMSESSION_kink ?

  • Jonathan Angliss

    • priority: 5 --> 7
  • Jonathan Angliss

    • assigned_to: nobody --> jangliss
  • Jonathan Angliss

    Logged In: YES

    I'm trying to work out a possible solution with this problem
    at the moment. Thanks for reporting it. kink, if using
    username in session, how do you propose we find the session

  • Thijs Kinkhorst

    Thijs Kinkhorst - 2003-03-05

    Logged In: YES

    I admit, stupid suggestion, never mind me %-)

  • Thijs Kinkhorst

    Thijs Kinkhorst - 2003-03-11

    Logged In: YES

    I think that if you're opening two accounts from the same
    browser, you can hardly expect that to go right. Jon, do you
    have a solution for this problem in sight?

  • Jonathan Angliss

    Logged In: YES

    Not likely in the near 1.2 or 1.4 branch... maybe if I get a
    while, I can sit and hack apart the pages... but would take
    a lot of work... And it is likely to break a lot of plugins
    at the same time. It is on the books as a major fix thing
    for 1.5 as we'll be able to seriously bash the code apart
    then as it is devel :)

    I'll have to see if I can do some major work in 1.2, and 1.4
    to see how workable it is.

  • Thijs Kinkhorst

    Thijs Kinkhorst - 2003-03-11
    • assigned_to: jangliss --> nobody
  • Thijs Kinkhorst

    Thijs Kinkhorst - 2003-03-11
    • assigned_to: nobody --> jangliss
  • Micah Morton

    Micah Morton - 2003-04-15

    Logged In: YES

    Is this something that can be tested simply by specifying
    that with conf.pl? like SQMSESSION_$username ?? seems like
    that might work, maybe I'll give that a whack. Also.. FYI:
    I can reproduce this without a hitch on the same browser NOT
    at the same time. Let me know if you would like me to try
    more things with this. I am willing and able.

    I have gotten this in both 1.2.11 as well as 1.4.0 stable.

    I too agree that this is cookie related.

    How about flushing any existing cookie upon redirect.php
    signing somebody in. Right before the cookie is inserted,
    just do a quick flush.


  • Jonathan Angliss

    Logged In: YES

    If the session name is setup like that, how do you work out
    the session name? $username is stored in the session, so
    you have to start it to fetch it. My plan was the session
    id in the URL. It's all in my plans ;)

    As for the cookie being destroyed on redirect, they should
    in fact be being killed on the login page, so if you go to
    the login page, it should kill the session.


Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.

No, thanks