[pkg-horde] Bug#433458: Bug#433458: imp4: Login works with IE but not with firefox

Ola Lundqvist ola at opalsys.net
Tue Jul 17 15:44:35 UTC 2007


Hi

On Tue, Jul 17, 2007 at 05:33:46PM +0200, Leonardo Maccari wrote:
> Ola Lundqvist ha scritto:
> > Hi
> > 
> >>> // Ola
> >> by the way.. if this is the place where imp puts the cookies, and it was
> >> wrong, why did it work with IE?
> > 
> > IE and firefox have different cookie handling. I actually think your
> > problem is that you have a general cookie stored for some top site
> > in that domain with the same name as the one that imp4 uses. The reason
> > why it works in IE is probably that you do not have that cookie there. :) 
> 
> let me understand. That is the directory where IMP stores its cookies,
> or where it tells the browser to store the cookie?
> If the correct answer is the first one, then I have no clue why it
> should work with IE, otherwise it might be that IE just handles it
> cookies withouth caring what IMP tells.

The answer is none of them actually. This path is used in combination
with the domain name to determine if a stored cookie should be presented
to the server or not. It seems like IE just use regular expressions
to match which cause /horde to match. However Firefox seems to be
directory aware (not that simple regular expression) which makes /horde
fail, but /horde3 work.

> what I can tell you is that we control only the domain
> lart.det.unifi.it/lenst.det.unifi.it, and have no control over
> det.unifi.it, and that whatever is not lart/lenst has nothing to deal
> with our webserver.

Ok. The problem is that session cookies are stored as
*.lart.det.unifi.it/horde3 in the client. The problem is that
if someone on det.unifi.it have a similar cookie stored as
*.det.unifi.it/horde3 and you have tried to use that, you will
not be able to login to lart.det.unifi.it/horde3 anymore. This
is a general php session cookie problem and not specific to horde.

However, as I understand you, you had not the later problem, but
rather the first.

Regards,

// Ola

> ciao,
> LM.
> 

-- 
 --- Ola Lundqvist systemkonsult --- M Sc in IT Engineering ----
/  ola at opalsys.net                   Annebergsslingan 37        \
|  opal at debian.org                   654 65 KARLSTAD            |
|  http://opalsys.net/               Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------




More information about the pkg-horde-hackers mailing list