On Thu, May 6, 2021 6:30 pm, James B. Byrne wrote: > It has happened several time since but I neglected to run the inspector > before > logging on to SM. Until today. This is what I found: > > Cookie �SQMSESSID� will be soon rejected because it has the �SameSite� > attribute set to �None� or an invalid value, without the �secure� > attribute. To > know more about the �SameSite� attribute, read > https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite That's just a warning. It won't have anything to do with the logout. Try to see if you still have the SM cookies when it happens. And please try to better describe when/how it happens - there's nothing much to go on here. Was it as a result of the folder list refresh? Some other action? And as I suggested, please try to report on (and play with) the folder refresh config setting. As for that warning, it looks like a bit of a bug in Firefox to me --- as I understand, the default should be Lax and not None. Furthermore, our cookies should be getting sent with the secure flag, assuming your site is served with SSL. I wouldn't expect Firefox to mix that up, but the cookies are all getting that flag attached as I see it. Moreover, if the default matched their docs, it would not cause this warning anyway. But I went ahead and added a 'strict' default for SameSite that should bypass all that. Pick it up in our next nightly snapshot or here are patches for 1.4.23: https://sourceforge.net/p/squirrelmail/code/14917/ Or 1.5.2: https://sourceforge.net/p/squirrelmail/code/14918/ -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php > On Tue, May 4, 2021 20:16, Paul Lesniewski wrote: >> >> >> On Mon, May 3, 2021 5:04 pm, James B. Byrne via squirrelmail-users >> wrote: >>> I believe this to be a problem with Firefox (85.0.2 FreeBSD-12.2) and >>> not >>> with squirrelmail; for the simple reason that SM has not been updated >>> while FF has and the behaviour only recently became evident. >>> >>> However, I would like to know what is going on with FF and how to turn >>> it >>> off. If anyone here knows what is happening and how to prevent it I >>> would >>> appreciate having that information. >> >> Not really possible to guess what's happening without more description >> of >> the issue or debugging info. . . . > > > -- > *** e-Mail is NOT a SECURE channel *** > Do NOT transmit sensitive data via e-Mail > Unencrypted messages have no legal claim to privacy > Do NOT open attachments nor follow links sent by e-Mail > > James B. Byrne mailto:ByrneJB@xxxxxxxxxxxxx > Harte & Lyne Limited http://www.harte-lyne.ca > 9 Brockley Drive vox: +1 905 561 1241 > Hamilton, Ontario fax: +1 905 561 0757 > Canada L8E 3C3 > > ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
