>>> Standard src/login.php automatically logs out any existing session. >>> If custom login form is used, session information is not destroyed in >>> src/redirect.php. SquirrelMail can't autologout users, because your >>> users won't notice that older account logged out and continue using >>> open browser windows. >>> >>> There are two ways to solve it. >>> >>> A) don't allow logging in, if active session is detected or ask for >>> confirmation. >> >> It is important to note that asking for confirmation will not solve >> the issue if the user does not actually go close the other window at >> some point. > > If message says that interface does not support multiple sessions in big > red > letters, user will the one who knowingly corrupts his or her preferences. > >> It is perhaps more important to note that in some environments where >> public terminals are being used, that this tactic may alert someone >> that they can access a stranger's email. Although this issue exists >> even without SquirrelMail alerting the user to the fact, some >> administrators may not like SquirrelMail making it so obvious - in >> fact, if logging in is disallowed, the user will be *forced* to go >> find the window with the stranger's email and click the signout link. > > Then display bogus login page and fail on any login instead of destroying > the > session. You can also be nice there and ask to close all browser windows > or > restart computer, if login fails. The problem is like that. When user X sends email "X"<username@xxxxxxxxxxx> it goes like that "Y"<username@xxxxxxxxxxx> > > -- > Tomas > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > -- > squirrelmail-users mailing list > Posting Guidelines: > http://www.squirrelmail.org/wiki/MailingListPostingGuidelines > List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx > List Archives: > http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user > List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 > List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users > ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ -- squirrelmail-users mailing list Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
