Quoting Adam Tauno Williams <awill...@opengroupware.us>:
Does a POST to /login.php with a HTTP/302 response with a location
header of
"http://horde_p.mormail.com/imp/dynamic.php?page=mailbox&u=195593741754bea9e98dbd4";
indicate that authentication was successful?
Yes.
Then the GET request follows to
"GET /imp/dynamic.php?page=mailbox&u=195593741754bea9e98dbd4" ang gets a
HTTP/302 with a Location header back to the "login.php" page. So I just
got kicked out?
Notably the GET request to /imp/dynamic does not contain a Cookie
header.
The Set-Cookie in the original HTTP/302 [in response to login.php] looks
like -
Set-Cookie: Horde=3k1r7gt07.....8rn9e2; path=/;
domain=horde_p.example.com; HttpOnly
Set-Cookie: horde_secret_key=3k1r7g.....em88rn9e2; path=/;
domain=horde_p.example.com; httponly
Set-Cookie: default_horde_view=deleted; expires=Thu, 01-Jan-1970
00:00:01 GMT; Max-Age=0; path=/; domain=horde_p.example.com
It would appear the issue is somehow related to cookies and session
persistence. Setting "$conf['session']['use_only_cookies'] = false;"
allows login via Internet Explorer.
That does sound like a cookie issue. But PHP handles setting cookies
on the browser-side, so that wouldn't be a Horde issue (and, as
mentioned before, I can't reproduce using cookies with IE 11).
michael
___________________________________
Michael Slusarz [slus...@horde.org]
--
imp mailing list
Frequently Asked Questions: http://wiki.horde.org/FAQ
To unsubscribe, mail: imp-unsubscr...@lists.horde.org
