At 07:27 AM 10/31/2005, Rafael Martinez Guerrero wrote:
On Fri, 2005-10-28 at 23:33, john crawford wrote:

Hello

>
> As I've now seen sess_deleted files show up in the php
> cache, it seems to be an issue with the sess_deleted php / IE bug.
>

This is not an IE bug. I have seen users with this problem using
Firefox, IE, Mozilla, Safari and Opera with Windows and Mac



Oh, Okay. I thought it was mainly IE that didn't get the cookies
deleted and relied on expiration to crush it.


> If I run from cron pretty aggressively
>
[............]

You cannot run a job from cron more than one time every min. This is
not enough, especially in a busy system. You have 1 min. where
everything can happen.


Yes. A quick hack at the time. But I did sleep for a few seconds
iteratively and so ran it several times during each minute run.

> As a quick ugly patch, if I just delete the sess_deleted file from
> cron, the effective user would have to
> log in again. Wouldn't they get a valid session token the second time around?
>

I am not 100% sure about this ..... but what I can see in the logs is
that the same users have the same problem again and again so they don't
get a valid session token the second time.



Okay, well I did put into effect the modifications that Jonathan recommended
and so I believe I'm regenerating cookies if the "deleted" cookie is stored
by the client.

Rafael, I'm wondering why you combined a test for a 32 char string with your
"deleted" test.

From Aug 26:
>We patched our code so it does not use a SID with a value like 'deleted'
>or not a 32 long char string and the problem is gone.

Why the 32 char string test? I'm not sure why you included that.

By the way, one of the users who was involved in the pref mixup incident
(user "a") has checked and did find the system date of the client
was off by much more than 1 year and one day. So maybe that explains the cookie
expiration not taking effect. (Though I would hope that timeout values would
have some other reference than client-set-time).

Thanks.
John



--
Rafael Martinez, <[EMAIL PROTECTED]>
Center for Information Technology Services
University of Oslo, Norway

PGP Public Key: http://folk.uio.no/rafael/
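
An added example, not part of the original thread and not SquirrelMail's code: one way to apply the check quoted above (refuse a SID that is 'deleted' or not a 32-character string) before PHP starts the session, so that clients still holding the "deleted" cookie do not all land on the same sess_deleted file. It assumes PHP's MD5-style session IDs of 32 lowercase hex characters; the function names are hypothetical and the sample values are constructed.

```php
<?php
// Added illustration; function names are hypothetical, not SquirrelMail's.
// Assumption: session IDs are 32 lowercase hex characters (PHP's MD5-based
// format). Adjust the pattern if your PHP is configured differently.

/** True only for a well-formed ID; the literal "deleted" fails this test. */
function sid_is_wellformed($sid)
{
    // \A and \z anchor the whole string; "$" would also accept a trailing newline.
    return is_string($sid) && preg_match('/\A[0-9a-f]{32}\z/', $sid) === 1;
}

/** Start the session, replacing a malformed client-supplied ID with a fresh one. */
function start_validated_session()
{
    $name = session_name();
    if (isset($_COOKIE[$name]) && !sid_is_wellformed($_COOKIE[$name])) {
        // Record the event only; the raw cookie value is never written to the log.
        error_log('session: rejected malformed SID from client');
        unset($_COOKIE[$name]);
        // An ID set before session_start() is used instead of the cookie value,
        // and the client is sent a new session cookie carrying it.
        session_id(bin2hex(random_bytes(16))); // random_bytes() needs PHP 7+
    }
    session_start();
}

// Constructed sample values; run this file from the CLI to see the decisions.
if (PHP_SAPI === 'cli') {
    $samples = array(
        'deleted',                              // what a stale "deleted" cookie sends
        '',                                     // empty value
        '0123456789abcdef0123456789abcdef',     // well-formed, 32 hex characters
        "0123456789abcdef0123456789abcdef\n",   // trailing newline, must be refused
        '0123456789abcdef0123456789abcde',      // 31 characters, too short
        '0123456789ABCDEF0123456789ABCDEG',     // right length, not lowercase hex
    );
    foreach ($samples as $s) {
        $verdict = sid_is_wellformed($s) ? 'accept' : 'reject';
        printf("%-38s %s\n", json_encode($s), $verdict);
    }
}
```

In a web request, `start_validated_session()` would be called in place of a bare `session_start()`.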



