-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi R.,
On Monday, January 16, 2006, R. wrote:
> Ok I start another thread.
> Hello.
> Why can't I do multiple logins with the same browser? Once I login a
> second time every action in the first login lead to a "You are not logged
> in" error message. This happens even when I login to a different account.
> I guess this has something to do with the cookie. Is it hard to change the
> code for the cookie to allow a additional cookie for every login? Is this
> already on a to do list somewhere?
The cookie names have to be unique. To have unique cookie names,
something has to be parsed between each page to tell the next page
what the unique cookie name is, to do that requires some work. A
simple solution, though not too small of a job is to enable trans_sid
in your session settings in php.ini, disable session cookies in your
php.ini, and find all calls to fetching the 'key' cookie, and changing
them to fetching a random name, which you store in the session. ie:
src/redirect.php
// generate random cookie name //
$cookie = 'sqmkey_' . time();
sqsession_register($cookie, 'key_name);
setcookie($cookie, $key...);
Then in all other places that require the key cookie:
sqgetGlobalVar('key_name', $cookie, SQ_SESSION);
sqgetGlobalVar($cookie, $key, SQ_COOKIE);
Or something like that. I think somebody had already started working
on creating a central point to fetch the key cookie, but I think
that's currently in development. And yes... I know appending time() to
the end of a cookie name is hardly random, but I'd be impressed if you
could generate two logins at exactly the same second from two
different browsers :) Not that I don't think a better "random" would
be needed.
This is something that is on my books to "fix" however a number of
other things need to be done before a decent job of fixing this can
really be done.
- --
Jonathan Angliss
<[EMAIL PROTECTED]>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
iD8DBQFDzHtHK4PoFPj9H3MRAtufAKC6ZtGYsvp8WCvivCRk21sQuHn+nACg3D6O
1MTrdT1X3SahvWW3uNu5wZQ=
=pKxQ
-----END PGP SIGNATURE-----
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
--
squirrelmail-users mailing list
Posting Guidelines:
http://www.squirrelmail.org/wiki/MailingListPostingGuidelines
List Address: [email protected]
List Archives:
http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user
List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
