Hi to all.


I discovered a problem with the login: after some logins and logouts, every new login attempt kicked me back to the login screen, without any mention of a problem in the logs. I searched the forum and found that some users had experienced similar problems.


After some debugging I found the weak point. The problem is that the sess_read and sess_write methods, which are used during logout and also by the periodic mail-checking process, are not "synchronized" (thread-safe). So it is possible that the two events occur at the same time:


The events occur in the following order:
1. Logout calls sess_read
2. Periodic mail check calls sess_read
3. Logout calls sess_write (with $vars (temp|b:1))
4. Periodic mail check calls sess_write ($vars without temp)


Step 4 ("mail check") overwrites the session parameters from step 3 ("logout"). The concrete problem in this case is the temp parameter. On the next login, session_start reads in the session parameters, where "temp" must be true to start a new session. Otherwise (when "temp" == false), Roundcube expects a valid session and tries to resume it. (In index.php, $_SESSION['temp'] is checked, but the check fails.)

The only way a new login is possible is to reset the cookies (restart IE, or delete the cookies in Firefox).


From my point of view, the session handlers (session_start(), session_destroy() and session_regenerate_id()) must be atomic. So the session handler must have exclusive access to the custom session methods in session.inc.


Micha.
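The interleaving described in the post above, reproduced as an added example (this is not Roundcube code and not the poster's; SessionStore, logout_handler, mailcheck_handler, run_race and new_login_allowed are hypothetical stand-ins for the sess_read/sess_write methods in session.inc, the two callers that race on them, and the temp check in index.php). Two threads are driven through the exact order from the post (read, read, write, write). With locked=False the mail check's write clobbers the logout's {'temp': True}; with locked=True the session row is held exclusively from sess_read to sess_write, so the mail check reads after the logout has written and preserves the temp flag.

```python
"""Lost-update race between a logout and a periodic mail check that share
one session row through unsynchronized sess_read/sess_write calls.

Hypothetical stand-ins, not Roundcube's session.inc: the point is the
read-modify-write pattern and the per-session lock that makes it atomic.
"""
import copy
import threading
from contextlib import contextmanager, nullcontext

WAIT = 5  # seconds; upper bound so a broken run fails instead of hanging forever


class SessionStore:
    """In-memory stand-in for the table behind sess_read/sess_write."""

    def __init__(self):
        self._rows = {}
        self._row_locks = {}
        self._guard = threading.Lock()

    def sess_read(self, sid):
        # Return a private copy, like a row fetched into $vars.
        return copy.deepcopy(self._rows.get(sid, {}))

    def sess_write(self, sid, vars_):
        # Unconditional overwrite of the whole row: last writer wins.
        self._rows[sid] = copy.deepcopy(vars_)

    @contextmanager
    def exclusive(self, sid):
        """Hold a per-session lock across a whole read-modify-write."""
        with self._guard:
            lock = self._row_locks.setdefault(sid, threading.Lock())
        with lock:
            yield


def logout_handler(store, sid, sync, locked):
    ctx = store.exclusive(sid) if locked else nullcontext()
    with ctx:
        vars_ = store.sess_read(sid)                      # step 1
        sync["logout_read"].set()
        # Give the mail check a chance to get between our read and our write.
        gate = "mailcheck_started" if locked else "mailcheck_read"
        sync[gate].wait(WAIT)
        vars_.clear()
        vars_["temp"] = True                              # next request must start fresh
        store.sess_write(sid, vars_)                      # step 3
        sync["logout_written"].set()


def mailcheck_handler(store, sid, sync, locked):
    sync["logout_read"].wait(WAIT)
    sync["mailcheck_started"].set()
    ctx = store.exclusive(sid) if locked else nullcontext()
    with ctx:                                             # blocks here when locked
        vars_ = store.sess_read(sid)                      # step 2 (unlocked case)
        sync["mailcheck_read"].set()
        sync["logout_written"].wait(WAIT)                 # force step 4 after step 3
        vars_["unseen"] = 3                               # only its own bookkeeping
        store.sess_write(sid, vars_)                      # step 4


def run_race(locked):
    """Run both handlers and return the session row they leave behind."""
    store = SessionStore()
    sid = "abc123"                                        # constructed sample session
    store.sess_write(sid, {"user": "micha"})
    sync = {name: threading.Event() for name in
            ("logout_read", "mailcheck_started", "mailcheck_read", "logout_written")}
    threads = [
        threading.Thread(target=logout_handler, args=(store, sid, sync, locked)),
        threading.Thread(target=mailcheck_handler, args=(store, sid, sync, locked)),
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join(WAIT * 2)
    return store.sess_read(sid)


def new_login_allowed(session_vars):
    """Mirror of the index.php check: a new login needs temp == true."""
    return session_vars.get("temp") is True


if __name__ == "__main__":
    for locked in (False, True):
        final = run_race(locked)
        print(f"locked={locked}: {final} -> new login allowed: {new_login_allowed(final)}")
```

The unlocked run ends with {'user': 'micha', 'unseen': 3}: the temp flag written by the logout is gone, which is the state the post says leaves the next login trying to resume a dead session. The locked run ends with {'temp': True, 'unseen': 3}. The lock has to be held from sess_read through sess_write, not around each call separately; locking the two calls individually still allows the read/read/write/write order.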