Re: I keep getting logged out of webmail

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Thu, May 6, 2021 6:30 pm, James B. Byrne wrote:
> It has happened several time since but I neglected to run the inspector
> before
> logging on to SM.  Until today.  This is what I found:
> Cookie �SQMSESSID� will be soon rejected because it has the �SameSite�
> attribute set to �None� or an invalid value, without the �secure�
> attribute. To
> know more about the �SameSite� attribute, read

That's just a warning. It won't have anything to do with the logout.  Try
to see if you still have the SM cookies when it happens.  And please try
to better describe when/how it happens - there's nothing much to go on
here.  Was it as a result of the folder list refresh?  Some other action? 
And as I suggested, please try to report on (and play with) the folder
refresh config setting.

As for that warning, it looks like a bit of a bug in Firefox to me --- as
I understand, the default should be Lax and not None.  Furthermore, our
cookies should be getting sent with the secure flag, assuming your site is
served with SSL.  I wouldn't expect Firefox to mix that up, but the
cookies are all getting that flag attached as I see it.  Moreover, if the
default matched their docs, it would not cause this warning anyway.

But I went ahead and added a 'strict' default for SameSite that should
bypass all that.  Pick it up in our next nightly snapshot or here are
patches for 1.4.23:

Or 1.5.2:

Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!

> On Tue, May 4, 2021 20:16, Paul Lesniewski wrote:
>> On Mon, May 3, 2021 5:04 pm, James B. Byrne via squirrelmail-users
>> wrote:
>>> I believe this to be a problem with Firefox (85.0.2 FreeBSD-12.2) and
>>> not
>>> with squirrelmail; for the simple reason that SM has not been updated
>>> while FF has and the behaviour only recently became evident.
>>> However, I would like to know what is going on with FF and how to turn
>>> it
>>> off. If anyone here knows what is happening and how to prevent it I
>>> would
>>> appreciate having that information.
>> Not really possible to guess what's happening without more description
>> of
>> the issue or debugging info.  . . .
> --
> ***          e-Mail is NOT a SECURE channel          ***
>         Do NOT transmit sensitive data via e-Mail
>    Unencrypted messages have no legal claim to privacy
>  Do NOT open attachments nor follow links sent by e-Mail
> James B. Byrne                mailto:ByrneJB@xxxxxxxxxxxxx
> Harte & Lyne Limited
> 9 Brockley Drive              vox: +1 905 561 1241
> Hamilton, Ontario             fax: +1 905 561 0757
> Canada  L8E 3C3

squirrelmail-users mailing list
Posting guidelines:
List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List archives:
List info (subscribe/unsubscribe/change options):

[Index of Archives]     [Video For Linux]     [Yosemite News]     [Yosemite Photos]     [gtk]     [KDE]     [Cyrus SASL]     [Gimp on Windows]     [Steve's Art]     [Webcams]

  Powered by Linux