Ticket #1484639 (closed Bugs: fixed)

Opened 11 months ago

Last modified 10 months ago

Unable to login in Firefox (multiple cookie set bug)

Reported by: ghostks Owned by:
Priority: 7 Milestone: 0.1-stable
Component: Core functionality Version: 0.1-rc2
Severity: major Keywords:
Cc:

Description

The main problem that Firefox users are unable to login. Possibly this bug is related to some reported cookie problems.

In the sess_regenerate_id() you are setting new session id via cookie but previous definition already cached in the output buffer which was set by session_start() function. It's not recommended to do this because cookies do not overwrite previous instances but appends headers with new value. First of all you should delete previous cookie and than set new one.

Here is patch. 

--- roundcubemail-0.1-rc2/program/include/session.inc 
+++ roundcube_my/program/include/session.inc 
@@ -173,6 +173,7 @@
 
   session_id($random);
   $cookie = session_get_cookie_params();
+  setcookie(session_name(), "", time() -3600);
   setcookie(session_name(), $random, $cookie['lifetime'], $cookie['path']);
 
   return true;

Change History

Changed 11 months ago by thomasb

  • milestone set to 0.1-stable

Changed 10 months ago by thomasb

  • status changed from new to closed
  • resolution set to fixed

Fixed in trunk r911

Note: See TracTickets for help on using tickets.