Re: [Dbmail] Squirrelmail 1.4.2 integration problem w/ dbmail-imapd 1.2.2

Thu, 1 Apr 2004 02:48:53 +0200 (CEST) 

My Configuration:
- Squirrelmail 1.4.2
- DBMail 1.2.5
- PHP 4.3
- Apache 2.0
- Mozilla 1.6


My Problem:
When the user logs in with correct username and password he sees the error message, "You must be logged in to access this page." All configurations are apparently correct. No session cookie is set, but two cookies ("key" and "squirrelmail_language") are set. I initially thought that perhaps protocol negotiations between Squirrelmail and DBMail might be the problem. 


Cause Of My Problem:
Mozilla was ignoring/rejecting the session cookie because it was configured to accept cookies from the originating server only. This means that Mozilla examines the domain field of any cookie that is set and compares it to the hostname of the current URL. In the case of the Squirrelmail session cookie, but not the other cookies set by Squirrelmail, the domain field is blank. 


My Solution:
I could have just re-configured Mozilla to accept cookies from anywhere, but I consider this to be a bug in Squirrelmail; I believe that Squirrelmail should work with the browser configuration I had. I instead patched functions/global.php to behave better with the session cookie. Now with no browser configuration changes, and thus no unnecessary concessions on browser privacy, I can login without problems. 

(This patch also times out sessions after 20 minutes of user idle time.)

=============================================================
$ cd squirrelmail/functions
$ diff -Naur global.php.bak global.php
--- global.php.bak      Wed Mar 31 17:40:33 2004
+++ global.php  Wed Mar 31 18:39:05 2004
@@ -34,6 +34,7 @@
* it is run via a require_once directive in validate.php
* and redirect.php. Patch submitted by Ray Black.
*/
+session_set_cookie_params(1200, '/', $domain);
sqsession_is_active();
if ( !check_php_version(4,1) ) {
 global $_COOKIE, $_ENV, $_FILES, $_GET, $_POST, $_SERVER, $_SESSION;
=============================================================
Thanks everyone for offering suggestions on this problem; and sorry for the false alarm, since this actually had nothing to do with DBMail. 

--
Will Berry
Co-founder, Second Brain website hosting
http://www.secondbrainhosting.com/

Reply via email to