Here is our sessions table in MySQL:

+---------+------------------+------+-----+---------+-------+
| Field   | Type             | Null | Key | Default | Extra |
+---------+------------------+------+-----+---------+-------+
| sesskey | varchar(32)      |      | PRI |         |       |
| expiry  | int(11) unsigned |      | MUL | 0       |       |
| value   | longtext         | YES  |     | NULL    |       |
+---------+------------------+------+-----+---------+-------+

User information is mixing on different machines for users with apparently
no connection other than they are our customers.  This issue is happening
more and more and is starting to become a real problem/security risk for
our users.  Can anyone provide a basic flow description of how and when
SquirrelMail populates personal information and/or gets information to
send with outgoing mail?  Specifically, where is user data stored/retrieved
from when logging in, etc.?  For example, when sending outgoing mail, does
SquirrelMail retrieve the from address from the longtext field in the
MySQL sessions table, or is that kept in the user's local memory?

How does SquirrelMail know what the from address is if the person has not
set any userprefs?

Thanks, Tavis

On Tue, 9 Dec 2003, Tomas Kuliavas wrote:

> > Here is the error message :
> >
> > Warning: Cannot add header information - headers already sent by (output
> > started at
> > /usr/local/ndn/web/squirrelmail-1.4.1/functions/page_header.php:29) in
> > /usr/local/ndn/web/squirrelmail-1.4.1/functions/global.php on line 267
>
> This is not the error message. This is what goes _after_ the error
> message. There should be some output before "Cannot add header information".
>
> Seems like some part of the code decided to close the session after
> functions/page_header.php started output. Maybe it was caused by some
> changes in stored session information. Like deleting session information
> that is in use.
>
> If there is no output before these messages and you can reproduce it
> without deleting session information from MySQL - provide a list of
> installed plugins with version numbers and any changes that were made to
> vanilla SquirrelMail 1.4.1.
>
> If your user information sometimes mixes and these two users are using
> browsers on different machines - what is the maximum field size used to
> store session information? Apache session files in the temporary directory
> use 32 alphanumeric symbols to store the session ID. If MySQL uses fewer
> symbols, different sessions can have similar IDs.
>
> --
> Tomas
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: IBM Linux Tutorials.
> Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
> Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
> Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
> --
> squirrelmail-users mailing list
> List Address: [EMAIL PROTECTED]
> List Archives:  http://sourceforge.net/mailarchive/forum.php?forum_id=2995
> List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>
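The key-width check raised in the quoted reply, written out as an added example (not part of the original thread and not SquirrelMail code). It assumes the store cuts an over-long session key to the column width instead of rejecting it; the sample IDs are constructed and the 16-symbol alphabet is an assumption. With a 32-character key column, as in the table shown above, 32-character IDs are stored whole.

```python
import math
from collections import defaultdict

def stored_key(session_id, column_width):
    """Key as it lands in the column.
    Assumption: an over-long value is cut to the column width, not rejected."""
    return session_id[:column_width]

def find_collisions(session_ids, column_width):
    """Group distinct session IDs that end up under the same stored key."""
    groups = defaultdict(set)
    for sid in session_ids:
        groups[stored_key(sid, column_width)].add(sid)
    return {key: sorted(ids) for key, ids in groups.items() if len(ids) > 1}

def collision_probability(n_sessions, column_width, id_length=32, alphabet_size=16):
    """Birthday-bound estimate that at least two of n random IDs share a stored key.
    alphabet_size=16 (hex IDs) is an assumption; pass 36 for a-z0-9."""
    effective = min(column_width, id_length)   # symbols that survive storage
    space = alphabet_size ** effective
    pairs = n_sessions * (n_sessions - 1) / 2
    return -math.expm1(-pairs / space)         # 1 - exp(-pairs/space), stable for tiny values

# Constructed sample IDs (not real session keys): the first two share 16 leading symbols.
SAMPLE_IDS = [
    "0123456789abcdef0123456789abcdef",
    "0123456789abcdefffffffffffffffff",
    "fedcba9876543210fedcba9876543210",
]

if __name__ == "__main__":
    for width in (32, 16, 4):
        print("column width", width,
              "| collisions:", find_collisions(SAMPLE_IDS, width),
              "| P(collision, 1000 sessions): %.3g" % collision_probability(1000, width))
```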

