I know there is this thread: http://lists.roundcube.net/mail-archive/users/2011-09/0000042.html
And this ticket: http://trac.roundcube.net/ticket/1488087
But is there news on how we might roll out 0.6 (upgrade from 0.5.1) without being able to have users remove cookies?
Perhaps relatedly, we do want to change our 'des_key' but am unsure if that is safe to do. Also 'session_domain' which we seem to have in production as '' (NULL)
Should we just wait on 0.7 since 0.7-beta is the "milestone?"
We have a great testbench here and would be delighted to help however we may. . .
Ben
List info: http://lists.roundcube.net/users/ BT/9b404e9e
p.s. When I put the new version into place (at the existing URL) it breaks logged sessions, logging this:
roundcube: Session authentication failed for . . invalid auth cookie sent
This is even if I leave des_key and session_domain exactly as they were.
Ben
And this ticket: http://trac.roundcube.net/ticket/1488087
I'll go comment there too, but I am embarrassed to admit it was actually just that I had changed des_key and session_domain which caused the problems! I've kept them the same as they were in version 0.5.1 and rolled out 0.6. Thanks again for an AMAZING webmail!
Eventually I suppose it would be an improvement to set session_domain, and we would also like to change des_key. . . Any ideas how to do that without causing the session issues?
-
ben@electricembers.net -
Benjamin Connelly