>>>> Standard src/login.php automatically logs out any existing session. >>>> If custom login form is used, session information is not destroyed in >>>> src/redirect.php. SquirrelMail can't autologout users, because your >>>> users won't notice that older account logged out and continue using >>>> open browser windows. >>>> >>>> There are two ways to solve it. >>>> >>>> A) don't allow logging in, if active session is detected or ask for >>>> confirmation. >>> >>> It is important to note that asking for confirmation will not solve >>> the issue if the user does not actually go close the other window at >>> some point. >> >> If message says that interface does not support multiple sessions in big >> red >> letters, user will the one who knowingly corrupts his or her >> preferences. >> >>> It is perhaps more important to note that in some environments where >>> public terminals are being used, that this tactic may alert someone >>> that they can access a stranger's email. Although this issue exists >>> even without SquirrelMail alerting the user to the fact, some >>> administrators may not like SquirrelMail making it so obvious - in >>> fact, if logging in is disallowed, the user will be *forced* to go >>> find the window with the stranger's email and click the signout link. >> >> Then display bogus login page and fail on any login instead of >> destroying the session. You can also be nice there and ask to close >> all browser windows or restart computer, if login fails. > > The problem is like that. When user X sends email > "X"<username@xxxxxxxxxxx> it goes like that "Y"<username@xxxxxxxxxxx> If both users use same browser on same machine, they are trying to use two accounts at the same time. Can't do that. I have already explained how to fix it. Warn user before allowing second login or fail second login. If users are on different computers, then they should check clock settings on their machines and you should check clock settings on server. -- Tomas ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ -- squirrelmail-users mailing list Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
