Am 22.04.2012 16:48, schrieb Michael Heydekamp:
Am 21.04.2012 14:54, schrieb A.L.E.C:
I created the ticket http://trac.roundcube.net/ticket/1488449
I wasn't able to understand the background of this thread entirely and the context between a User-Agent header and aborted sessions
this is really simple to understand
if sessions are protected from hijacking by store the inital user agent while they are created and a moron browser changes its own useragent randomly between requests the session is killed