On 8/15/07, Tomas Kuliavas <tokul@xxxxxxxxxxxxxxxxxxxxx> wrote: > > >> Dear all, > > >> I use mail server under Debian with squirrelmail 1.4.9 but I have > > >> problem > > >> with some users informations. > > >> Most of the time, users calls me and say that their "personnal > > >> informations" has changed to another one. > > >> How can I solve this problem ? > > >> Regards, > > >> ------------ > > >> Kone Bakenon > > > > > > Do these users login to SquirrelMail on a computer that already has > > > another user > > > logged into a different SquirrelMail profile? Concurrent logins will cause > > > mixing or > > > corruption of preferences. > > > > Ok but, how can I avoid that ? > > > > > > > > Short term: tell your users to logout the previous session before they > > > login. > > > > I have already done it ! > > > > > Long-term, better solution: ideally, someone will modify SquirrelMail so > > > that any > > > login automatically logs out any existing session on the same computer. > > > > Can you help me to it ? > > Standard src/login.php automatically logs out any existing session. If custom > login form is used, session information is not destroyed in src/redirect.php. > SquirrelMail can't autologout users, because your users won't notice that older > account logged out and continue using open browser windows. > > There are two ways to solve it. > > A) don't allow logging in, if active session is detected or ask for confirmation. It is important to note that asking for confirmation will not solve the issue if the user does not actually go close the other window at some point. It is perhaps more important to note that in some environments where public terminals are being used, that this tactic may alert someone that they can access a stranger's email. Although this issue exists even without SquirrelMail alerting the user to the fact, some administrators may not like SquirrelMail making it so obvious - in fact, if logging in is disallowed, the user will be *forced* to go find the window with the stranger's email and click the signout link. > requires modifications in two scripts and solves some interface abuse problems. > > B) SquirrelMail can work without cookies > > requires modifications in many core scripts and plugins. ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ -- squirrelmail-users mailing list Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
