Menu
▾
▴
Re: [SM-DEVEL] Cookieless Squirrelmail a Pipe Dream?
|
From: Antoine D. <an...@de...> - 2007-05-31 17:57:05
|
Thijs Kinkhorst wrote : > On Thursday 31 May 2007 18:23, Daniel Watts wrote: > >> Is there any way to have squirrelmail detect when a browser isn't going >> to play with cookies and then switch to, if necessary, 'ugly mode' and >> work passing the SID in the $GET? >> > > Sure that way could exist, but as you might imagine, it would require to pass > that SID into *every* produced URL. If Jon or you want to implement that, I > see no problem with that being put into the devel tree. It's not a simple > task though. > A possible workaround for this is to enable session.use_trans_sid in your php.ini, which does just that (it adds the SID string into any URL in your output). (requires PHP >= 4.3) Another, rather easy approach could be to emulate this function, using output buffering. As an option, perhaps ? Remember that a user who didn't logout and destroy his session properly might have his account hijacked, e.g because of a URL with the SID stored in the history. Whereas session cookies are destroyed if the browser window is closed. >> At WORST, the 'You must be logged in' should be replaced with a message >> such as: >> >> "We have detected that your browser is not accepting cookies and as a >> result webmail was not able to log you in. Please ensure that cookies >> are allowed both within your browser and within your network and try again" >> >> As an example gmail shows: >> "Your browser's cookie functionality is turned off. Please turn it on." >> > > Sure, that would be good. Could you please provide a patch for something like > this? > > > Thijs > Regards, Antoine |