Hello.

Yesterday I've made clean install of the latest RC2 and found interesting issue - I was unable to login via Firefox. Entering correct login/pass roundcube were redirecting me back to the login page. IE/Opera were working perfectly.

After some research I've discovered that it was the bug with the cookie handling mechanism in the Roundcube. Some browsers understand multiple cookie setting in one session but it's breaking the idea of cookies. IE/Opera does handle but Firefox is one of them which do not handle such situations.

If you'll check Firefox cache after login try you'll see 2 cookies with the same name and this is the main problem - Firefox can't decide which one to use :) and doesn't use anyone.

In the sess_regenerate_id() you are setting new session id via cookie but previous definition already cached in the output buffer which was set by session_start() function. It's not recommended to do this because cookies do not overwrite previous instances but appends headers with new value. First of all you should delete previous cookie and than set new one.

Here is patch.

--- roundcubemail-0.1-rc2/program/include/session.inc +++ roundcube_my/program/include/session.inc @@ -173,6 +173,7 @@

session_id($random); $cookie = session_get_cookie_params();

• setcookie(session_name(), "", time() -3600); setcookie(session_name(), $random, $cookie['lifetime'],

$cookie['path']);

return true;

P.S. In then near future I'm planning to revise russian, latvian localization. I saw that Artur Smolkin made some updates but just in case we'll check if something is missing or incorrect. P.S.S. Also it is possible to translate documentation to russian and latvian if you need.

Regards, Andris

List info: http://lists.roundcube.net/dev/