Hello Ryan,
On Wednesday, April 02, 2003, Ryan wrote...

>> We know about it... and I am working on fixing it in 1.5...
>> Unfortunately due to the current architecture, I cannot fix it in
>> the latest versions. The only thing I can say is don't use multiple
>> logins from the same browser. It is a limitation in the way we do
>> our session handling, which is under the chopping block at the
>> moment for 1.5. If, after reviewing the changes, I can make the
>> changes portable to previous versions, I *might* be able to
>> backport it. No promises at all... just a big *might*.

> I'm just curious, but what are some ideas you have for fixing this
> issue? It seems like it's a hard one to fix because the PHP session
> applies to all the pages in a browser!

It's not actually that difficult to fix it... it's just a *lot* of
work, and will cause a lot of other things to break in the process.
The problem is we store the session ID in a cookie. That cookie has to
have a fixed name, otherwise PHP cannot find it to get the session
information out of it. When you use the same browser for multiple
logins, it tries using the same cookie. And as such, the sessions
cross over, and the first login then assumes the second login's
session. The solution is not to use a cookie to store the session id
in... but the URL/post values.  So a URL then becomes this:

  /src/right_main.php?smsessid=123456

or

  <input type="hidden" name="smsessid" value="123456">

Then fetch it from there. As URLs never cross between browser
instances, the sessions are safe... or should be anyway.  The problem
is... go into your squirrelmail directory, and do this:

  # grep -ir "href=" *

And you will get waaaay too many links to fix quickly... which is why I
wanted to leave it until 1.5 when breaking something won't be so bad
as it is a development version. This kind of change won't only break
parts of SM... but plugins as well as they won't know what to do with
the link. That is another _GOOD_ reason for the sm_init stuff that is
planned for SM 1.5+ as we shall probably be handling most of that for
them.

Does any of that make sense?

-- 
Jonathan Angliss
([EMAIL PROTECTED])
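
The approach described in the message above, sketched as an added example (not SquirrelMail code and not from the original post): the session id travels in the `smsessid` URL or POST value instead of the fixed-name cookie. The `sm_sessid()`, `sm_url()` and `sm_hidden()` helpers are hypothetical names, and the id validation and strict-mode setting go beyond what the message describes.

```php
<?php
// Added example, not SquirrelMail code; the sm_* helpers are hypothetical.

// Stop PHP from reading or setting the shared, fixed-name session cookie.
ini_set('session.use_cookies', '0');
// Have PHP replace any id it did not issue itself (limits session fixation).
ini_set('session.use_strict_mode', '1');

// Return the session id carried by this request, or null if absent/malformed.
function sm_sessid(array $get, array $post): ?string
{
    $id = $post['smsessid'] ?? $get['smsessid'] ?? null;
    // Only the alphabet and lengths PHP uses for its own session ids.
    if (is_string($id) && preg_match('/^[A-Za-z0-9,-]{22,256}$/', $id)) {
        return $id;
    }
    return null;
}

// Append smsessid to a link, keeping any existing query string and fragment.
function sm_url(string $url, string $sessid): string
{
    $fragment = '';
    $hash = strpos($url, '#');
    if ($hash !== false) {
        $fragment = substr($url, $hash);
        $url = substr($url, 0, $hash);
    }
    $sep = (strpos($url, '?') === false) ? '?' : '&';
    return $url . $sep . 'smsessid=' . rawurlencode($sessid) . $fragment;
}

// Hidden field that carries the id through a POST form.
function sm_hidden(string $sessid): string
{
    return '<input type="hidden" name="smsessid" value="'
        . htmlspecialchars($sessid, ENT_QUOTES, 'UTF-8') . '">';
}

// Resume the session named in this request, or let PHP create a new one.
$id = sm_sessid($_GET, $_POST);
if ($id !== null) {
    session_id($id);
}
session_start();

// Every generated link and form must now carry the id explicitly.
echo '<a href="' . htmlspecialchars(sm_url('/src/right_main.php', session_id())) . '">Inbox</a>';
```

An id carried in the URL also appears in server logs, browser history and Referer headers, so deployments of this pattern usually pair it with short session lifetimes and regenerating the id at login.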



--
squirrelmail-users mailing list
List Address: [EMAIL PROTECTED]
List Archives:  http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
