Discussion:
[horde] users are able to login without password...
Anant S Athavale
2005-08-03 05:52:32 UTC
Permalink
users are able to login without password.

When the user has logged in and closes the browser without logout. He again
opens the browser and visits mail home page. He is logged in without username
and password. Is it suppose to behave like this when a browser is closed
without logout or any problem with the configuration.

We have setup up Horde 3.0.5 RC-2 and imp 4.0.3 and other latest stable HORDE 3
application.

The System runs Apache 2.0.48 on RHEL AS 3.0 Update 5.

The horde configuration file as below:

$conf['debug_level'] = E_CORE_WARNING;
$conf['max_exec_time'] = 0;
$conf['use_ssl'] = 2;
$conf['server']['name'] = $_SERVER['SERVER_NAME'];
$conf['server']['port'] = $_SERVER['SERVER_PORT'];
$conf['compress_pages'] = true;
$conf['umask'] = 077;
$conf['session']['name'] = 'Horde';
$conf['session']['cache_limiter'] = 'nocache';
$conf['session']['timeout'] = 36000;
$conf['cookie']['domain'] = $_SERVER['SERVER_NAME'];
$conf['cookie']['path'] = '/';
$conf['sql']['persistent'] = true;
$conf['sql']['hostspec'] = 'localhost';
$conf['sql']['username'] = 'horde';
$conf['sql']['password'] = 'password';
$conf['sql']['protocol'] = 'tcp';
$conf['sql']['database'] = 'horde';
$conf['sql']['charset'] = 'iso-8859-1';
$conf['sql']['phptype'] = 'pgsql';
$conf['auth']['admins'] = array('asa at isac.ernet.in','rakesh at isac.ernet.in');
$conf['auth']['checkip'] = true;
$conf['auth']['params']['app'] = 'imp';
$conf['auth']['driver'] = 'application';
$conf['signup']['allow'] = false;
$conf['signup']['approve'] = true;
$conf['signup']['preprocess'] = false;
$conf['signup']['queue'] = false;
$conf['log']['priority'] = PEAR_LOG_NOTICE;
$conf['log']['ident'] = 'HORDE';
$conf['log']['params'] = array();
$conf['log']['name'] = '/tmp/horde.log';
$conf['log']['params']['append'] = true;
$conf['log']['type'] = 'file';
$conf['log']['enabled'] = true;
$conf['log_accesskeys'] = false;
$conf['prefs']['params']['driverconfig'] = 'horde';
$conf['prefs']['driver'] = 'sql';
$conf['datatree']['params']['driverconfig'] = 'horde';
$conf['datatree']['driver'] = 'sql';
$conf['group']['driver'] = 'datatree';
$conf['cache']['default_lifetime'] = 1800;
$conf['cache']['params']['dir'] = Horde::getTempDir();
$conf['cache']['driver'] = 'file';
$conf['token']['driver'] = 'none';
$conf['mailer']['params']['sendmail_path'] = '/usr/lib/sendmail';
$conf['mailer']['params']['sendmail_args'] = '-oi';
$conf['mailer']['type'] = 'sendmail';
$conf['vfs']['params']['driverconfig'] = 'horde';
$conf['vfs']['type'] = 'sql';
$conf['sessionhandler']['type'] = 'none';
$conf['image']['convert'] = '/usr/bin/convert';
$conf['mime']['magic_db'] = '/usr/share/misc/magic';
$conf['problems']['email'] = 'mailproblems at isac.ernet.in';
$conf['menu']['always'] = false;
$conf['menu']['links']['help'] = 'all';
$conf['menu']['links']['options'] = 'authenticated';
$conf['menu']['links']['problem'] = 'all';
$conf['menu']['links']['login'] = 'all';
$conf['menu']['links']['logout'] = 'authenticated';
$conf['logo']['image'] = 'http://isacmail2.isac.dos.gov.in/isrologo.bmp';
$conf['hooks']['username'] = false;
$conf['hooks']['preauthenticate'] = false;
$conf['hooks']['postauthenticate'] = false;
$conf['hooks']['authldap'] = false;
$conf['kolab']['enabled'] = false;


Regards,

Anant Athavale.
Michael M Slusarz
2005-08-03 06:28:49 UTC
Permalink
Post by Anant S Athavale
users are able to login without password.
When the user has logged in and closes the browser without logout. He again
opens the browser and visits mail home page. He is logged in without username
and password. Is it suppose to behave like this when a browser is closed
without logout or any problem with the configuration.
Verify your browser is correctly destroying the cookie after
closing/reopening.

michael

_______________________________________
Michael Slusarz [slusarz at curecanti.org]
Anant S Athavale
2005-08-03 08:24:25 UTC
Permalink
The problem happens when the option allow sites to set cookies is checked.

It does not happen when I disable cookies in the Firefox browser (unchecked
Allow allow sites to set cookies option ).

Is it what you mean by destroying the cookie after closing/reopening?
Post by Michael M Slusarz
Post by Anant S Athavale
users are able to login without password.
When the user has logged in and closes the browser without logout. He again
opens the browser and visits mail home page. He is logged in without username
and password. Is it suppose to behave like this when a browser is closed
without logout or any problem with the configuration.
Verify your browser is correctly destroying the cookie after
closing/reopening.
michael
_______________________________________
Michael Slusarz [slusarz at curecanti.org]
--
Horde mailing list - Join the hunt: http://horde.org/bounties/#horde
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: horde-unsubscribe at lists.horde.org
Regards,

Anant Athavale,
Computer and Information Group,
ISRO Satellite Centre,
Airport Road,
Bangalore - 560017
INDIA.

080-25083512
98866-05276
sisterscape
2005-08-03 15:13:14 UTC
Permalink
1. It's a little different than that on dialup. Yes, if I login to
Horde, move on to other sites then return to Horde in the same session,
my inbox is still there and active. However, next dialup connection, I
am asked to reenter my PW since it is a different IP number. Previous
version of Horde would allow the Login to remain active over multiple
internet connections. Eventually it would time out and I'd have to
login again which was a bit of a hassle but acceptable with the IE6
autocomplete function.

2. However,The IE6 function to save UN and PW no longer works in Horde
and this is very distressing as without it, many, many logins are
required throughout the day. How can I get the auto login to work
again? PLEASE HELP!

sisterscape


--- Anant S Athavale <asa at isac.ernet.in> wrote:

When the user has logged in and closes the browser without logout. He
again opens the browser and visits mail home page. He is logged in
without username and password. Is it suppose to behave like this when
a browser is closed without logout or any problem with the
configuration.




____________________________________________________
Start your day with Yahoo! - make it your home page
http://www.yahoo.com/r/hs
Kevin M. Myer
2005-08-03 15:24:35 UTC
Permalink
Administration -> Setup -> Horde -> Authentication.

Uncheck the "Should we always store and validate the IP address ofthe
client..."
box, near the top of the tab.

Kevin
--
Kevin M. Myer
Senior Systems Administrator
Lancaster-Lebanon Intermediate Unit 13 http://www.iu13.org
Jigish Gohil
2005-08-03 16:39:08 UTC
Permalink
Well, I have noticed the same behavior in gmail too. I am sure its to
do with session cookies.

Jigish
Post by Kevin M. Myer
Administration -> Setup -> Horde -> Authentication.
Uncheck the "Should we always store and validate the IP address ofthe
client..."
box, near the top of the tab.
Kevin
--
Kevin M. Myer
Senior Systems Administrator
Lancaster-Lebanon Intermediate Unit 13 http://www.iu13.org
--
Horde mailing list - Join the hunt: http://horde.org/bounties/#horde
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: horde-unsubscribe at lists.horde.org
Anant S Athavale
2005-08-04 13:26:58 UTC
Permalink
This did not help.

I have set the following in php.ini:


session.cookie_lifetime = 36000

and horde/config/conf.php

$conf['session']['timeout'] = 36000;


My requirement is, the user should not get session_timeout within the
same day. But, closing browser should not allow him to login without
username and
password.

What are the correct settings for both to achieve that?


Regards,
Anant.
Post by Kevin M. Myer
Administration -> Setup -> Horde -> Authentication.
Uncheck the "Should we always store and validate the IP address ofthe
client..."
box, near the top of the tab.
Kevin
--
Kevin M. Myer
Senior Systems Administrator
Lancaster-Lebanon Intermediate Unit 13 http://www.iu13.org
--
Horde mailing list - Join the hunt: http://horde.org/bounties/#horde
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: horde-unsubscribe at lists.horde.org
Vilius Šumskas
2005-08-04 14:16:05 UTC
Permalink
Hello Anant,
Post by Anant S Athavale
This did not help.
session.cookie_lifetime = 36000
and horde/config/conf.php
$conf['session']['timeout'] = 36000;
My requirement is, the user should not get session_timeout within the
same day. But, closing browser should not allow him to login without
username and
password.
What are the correct settings for both to achieve that?
$conf['session']['timeout'] = 0;
--
Best regards,
Vilius mailto:vilius at lnk.lt
Anant S Athavale
2005-08-06 04:21:51 UTC
Permalink
Thanks. It has helped.

Thank you very much.

-Anant.
Post by Vilius Å umskas
Hello Anant,
Post by Anant S Athavale
This did not help.
session.cookie_lifetime = 36000
and horde/config/conf.php
$conf['session']['timeout'] = 36000;
My requirement is, the user should not get session_timeout within the
same day. But, closing browser should not allow him to login without
username and
password.
What are the correct settings for both to achieve that?
$conf['session']['timeout'] = 0;
--
Best regards,
Vilius mailto:vilius at lnk.lt
--
Horde mailing list - Join the hunt: http://horde.org/bounties/#horde
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: horde-unsubscribe at lists.horde.org
sisterscape
2005-08-03 17:16:02 UTC
Permalink
My gmail account only makes me login every two weeks or so.
Post by Jigish Gohil
Well, I have noticed the same behavior in gmail too. I am sure its to
do with session cookies.
Jigish
Post by Kevin M. Myer
Administration -> Setup -> Horde -> Authentication.
Uncheck the "Should we always store and validate the IP address
ofthe
Post by Kevin M. Myer
client..."
box, near the top of the tab.
Kevin
--
Kevin M. Myer
Senior Systems Administrator
Lancaster-Lebanon Intermediate Unit 13 http://www.iu13.org
--
http://horde.org/bounties/#horde
Post by Kevin M. Myer
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: horde-unsubscribe at lists.horde.org
--
Horde mailing list - Join the hunt: http://horde.org/bounties/#horde
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: horde-unsubscribe at lists.horde.org
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
Michael M Slusarz
2005-08-03 19:03:41 UTC
Permalink
Post by sisterscape
My gmail account only makes me login every two weeks or so.
then gmail is setting its cookies to expire after two weeks. By
default, PHP expires its cookies immediately - meaning the cookies
should be deleted once the browser closes. If a user has modified
session.cookie_lifetime in the php.ini file, or has changed
$conf['session']['timeout'] to a value other than 0, than they may see
this behavior. If either of these is the case here, this information
was *never* provided in the original post.

michael

_______________________________________
Michael Slusarz [slusarz at curecanti.org]
Loading...