Re: [SM-USERS] I keep getting logged out of webmail
On Thu, May 6, 2021 6:30 pm, James B. Byrne wrote: > It has happened several time since but I neglected to run the inspector > before > logging on to SM. Until today. This is what I found: > > Cookie �SQMSESSID� will be soon rejected because it has the �SameSite� > attribute set to �None� or an invalid value, without the �secure� > attribute. To > know more about the �SameSite� attribute, read > https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite That's just a warning. It won't have anything to do with the logout. Try to see if you still have the SM cookies when it happens. And please try to better describe when/how it happens - there's nothing much to go on here. Was it as a result of the folder list refresh? Some other action? And as I suggested, please try to report on (and play with) the folder refresh config setting. As for that warning, it looks like a bit of a bug in Firefox to me --- as I understand, the default should be Lax and not None. Furthermore, our cookies should be getting sent with the secure flag, assuming your site is served with SSL. I wouldn't expect Firefox to mix that up, but the cookies are all getting that flag attached as I see it. Moreover, if the default matched their docs, it would not cause this warning anyway. But I went ahead and added a 'strict' default for SameSite that should bypass all that. Pick it up in our next nightly snapshot or here are patches for 1.4.23: https://sourceforge.net/p/squirrelmail/code/14917/ Or 1.5.2: https://sourceforge.net/p/squirrelmail/code/14918/ -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php > On Tue, May 4, 2021 20:16, Paul Lesniewski wrote: >> >> >> On Mon, May 3, 2021 5:04 pm, James B. Byrne via squirrelmail-users >> wrote: >>> I believe this to be a problem with Firefox (85.0.2 FreeBSD-12.2) and >>> not >>> with squirrelmail; for the simple reason that SM has not been updated >>> while FF has and the behaviour only recently became evident. >>> >>> However, I would like to know what is going on with FF and how to turn >>> it >>> off. If anyone here knows what is happening and how to prevent it I >>> would >>> appreciate having that information. >> >> Not really possible to guess what's happening without more description >> of >> the issue or debugging info. . . . > > > -- > *** e-Mail is NOT a SECURE channel *** > Do NOT transmit sensitive data via e-Mail >Unencrypted messages have no legal claim to privacy > Do NOT open attachments nor follow links sent by e-Mail > > James B. Byrnemailto:byrn...@harte-lyne.ca > Harte & Lyne Limited http://www.harte-lyne.ca > 9 Brockley Drive vox: +1 905 561 1241 > Hamilton, Ontario fax: +1 905 561 0757 > Canada L8E 3C3 > > - squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Re: [SM-USERS] I keep getting logged out of webmail
On Fri, May 7, 2021 06:35, Paul Lesniewski wrote: > > > On Thu, May 6, 2021 6:30 pm, James B. Byrne wrote: >> It has happened several time since but I neglected to run the inspector >> before >> logging on to SM. Until today. This is what I found: >> >> Cookie �SQMSESSID� will be soon rejected because it has the >> �SameSite� >> attribute set to �None� or an invalid value, without the �secure� >> attribute. To >> know more about the �SameSite� attribute, read >> https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite > > That's just a warning. It won't have anything to do with the logout. Try > to see if you still have the SM cookies when it happens. And please try > to better describe when/how it happens - there's nothing much to go on > here. Was it as a result of the folder list refresh? Some other action? > And as I suggested, please try to report on (and play with) the folder > refresh config setting. > I cannot recall it happening while I was in the middle of using SM, either for reading or composing. Generally, I leave the SM browser tab open, or nor, with FF open on the desktop (gnome/mate-FreeBSD-12.2) in the background. Occasionally when I go to use SM I get the logged out notice and have to log in again. -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Unencrypted messages have no legal claim to privacy Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 - squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Re: [SM-USERS] I keep getting logged out of webmail
>> On Thu, May 6, 2021 6:30 pm, James B. Byrne wrote: >>> It has happened several time since but I neglected to run the inspector >>> before >>> logging on to SM. Until today. This is what I found: >>> >>> Cookie �SQMSESSID� will be soon rejected because it has the >>> �SameSite� >>> attribute set to �None� or an invalid value, without the >>> �secure� >>> attribute. To >>> know more about the �SameSite� attribute, read >>> https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite >> >> That's just a warning. It won't have anything to do with the logout. >> Try >> to see if you still have the SM cookies when it happens. And please try >> to better describe when/how it happens - there's nothing much to go on >> here. Was it as a result of the folder list refresh? Some other >> action? >> And as I suggested, please try to report on (and play with) the folder >> refresh config setting. >> > > I cannot recall it happening while I was in the middle of using SM, either > for > reading or composing. Generally, I leave the SM browser tab open, or nor, > with > FF open on the desktop (gnome/mate-FreeBSD-12.2) in the background. > Occasionally when I go to use SM I get the logged out notice and have to > log in > again. Also go to Options --> Folder Preferences and make sure "Auto Refresh Folder List" is enabled. -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php - squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Re: [SM-USERS] I keep getting logged out of webmail
On Fri, May 7, 2021 8:09 pm, James B. Byrne wrote: > > > On Fri, May 7, 2021 12:44, Paul Lesniewski wrote: >> >> Also go to Options --> Folder Preferences and make sure "Auto Refresh >> Folder List" is enabled. >> > Auto Refresh Folder List: 5 Minutes What about the other things I advised you to check? Please provide as much information as you can. > Today the logout occurred while I was inspecting the cookies. These > screenshots shows the storage state immediately after the logout. What version of SM are you using? When was the date of the last time you installed it? Can you please update it? When you are properly logged in, are the cookies shown to have the HttpOnly and Secure attributes enabled? What you show looks unorthodox. Are you serving the installation over HTTPS? Is it on the local network or remote? I'd also say you should try to keep terminals open tailing three log files: web server, PHP and IMAP server and see what the corresponding log data looks like. Cheers, -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php - squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@lists.sourceforge.net List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
