>> Standard src/login.php automatically logs out any existing session. >> If custom login form is used, session information is not destroyed in >> src/redirect.php. SquirrelMail can't autologout users, because your >> users won't notice that older account logged out and continue using >> open browser windows. >> >> There are two ways to solve it. >> >> A) don't allow logging in, if active session is detected or ask for >> confirmation. > > It is important to note that asking for confirmation will not solve > the issue if the user does not actually go close the other window at > some point. If message says that interface does not support multiple sessions in big red letters, user will the one who knowingly corrupts his or her preferences. > It is perhaps more important to note that in some environments where > public terminals are being used, that this tactic may alert someone > that they can access a stranger's email. Although this issue exists > even without SquirrelMail alerting the user to the fact, some > administrators may not like SquirrelMail making it so obvious - in > fact, if logging in is disallowed, the user will be *forced* to go > find the window with the stranger's email and click the signout link. Then display bogus login page and fail on any login instead of destroying the session. You can also be nice there and ask to close all browser windows or restart computer, if login fails. -- Tomas ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ -- squirrelmail-users mailing list Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
