>> > I wonder if this may have something to do with premature cookie >> > deletion. I deleted all of my cookies while logged in to >> > squirrelmail. After I re-logged in, I checked the sessions in mysql >> > and found a new session along with the old session. >> >> Well the old session isn't going to be trashed because there is >> nothing telling it to be trashed. PHP might be smart enough, and >> remember to clean it up after a while based on the setting in PHP, but >> that's not even guaranteed. >> >> > Since the value field in sessions hold all of the user prefs ( name, >> > from, reply to, etc. ), if the old session somehow got reused by >> > anothe ruser this might explain the symptom. Does anyone know how >> > the sesskey is generated? >> >> Not a clue... that's a PHP question really... might need to look at >> the code. >> > > > [Topic: session hijacking / wrong sender address / etc...] > > This thread seems to end without conclussion. Was the problem with the > PHP > session ID, filename or something else? > > We have just started seeing the same problem since concurrent user count > has > increased. In short user B inherits user A's preferences despite not > using the > same host/browser. We're using file based preferences. The problem seems > to occur when users login at roughly the same time. > > I'm looking into the workings of PHP session handling, but if someone > already > knows how filenames are generated and can tell me that would be a great > help. > My current theory is that session filename is based on time of day and the > time > resolution is not high enough. Some entropy is required, perhaps. SquirrelMail has sqsession_is_active() function. Log all sessions with session id equal to 'deleted'. See http://thread.gmane.org/gmane.mail.squirrelmail.devel/8070 -- Tomas ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ -- squirrelmail-users mailing list Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
