Ticket #1484592 (closed Bugs: invalid)

Opened 15 months ago

Last modified 15 months ago

New sessions after login

Reported by: Ni@… Owned by:
Priority: 1 - Highest Milestone:
Component: Core functionality Version: svn-trunk
Severity: critical Keywords:
Cc:

Description

Each time after successful login roundcube tries creates new session: 

sess_regenerate_id();

You should remove it, because no info about login is saved there, or generate new session and then perform login routine!

Change History

Changed 15 months ago by thomasb

  • status changed from new to closed
  • resolution set to invalid

No, this is the intended behavior. The session ID you get when opening the login-form should be thrown away after the login succeeded for security reasons. If this does not work, there's something wrong with the session module of your PHP installation.

Note: See TracTickets for help on using tickets.