Results 1 to 3 of 3

Thread: Preauth: Block cookie?

  1. #1
    Join Date
    Jun 2008
    Posts
    15
    Rep Power
    7

    Question Preauth: Block cookie?

    Hello,

    I've been working on a simple ZMS administration interface for our Customer Support department, and one of the big issues is the way the "view mail" system works. Using the offical Admin interface or my own hand-crafted SOAP interface, using preauth (clicking "view mail" in the Admin interface) ships the browser to a URL such as "http://webmail.example.com/service/preauth?authtoken=", in which the HTTP header:

    Set-Cookie: ZM_AUTH_TOKEN=MY_REALLY_LONG_AUTH_STRING;Path=/


    appears. My issue is this: Many of my support agents use a single browser intance to do their jobs (ie, Firefox with many tabs, etc). When this "view mail" action happens, it kills their currnet cookie with the mail server, thus, logging them out of their own mail instance.

    The best solution here is to somehow tell preauth not to set a cookie, but rather just to set a session. If this isnt poissible due to the backend of Zimbra, possibly one could mangle the _name_ of the cookie?


    Thanks for all your help ahead of time. As usual, I will post here if I manage to figure this out myself.


    - Seandon Mooy

  2. #2
    Join Date
    Jun 2008
    Posts
    15
    Rep Power
    7

    Default

    I'm going to impliment something terrible... What I've done is altered my script to collect the ZM_AUTH_TOKEN, and keep it in a session. Then, the user it forwarded to Zimbra, delegates into the new user and gets a new ZM_AUTH_TOKEN. When the user is done, they click the "logout" button in zimbra, which forwards them to another script, which restores the users cookie for the session.

    This is a terrible way of doing things, and its only a fix for my scripts, not for the Zimbra main interface.

  3. #3
    Join Date
    Oct 2009
    Posts
    1
    Rep Power
    6

    Default Block cookie

    Hi,

    I just read your post, and i'm having something similir when i connect my zimbra with CAS to have a SSO.

    Could you plese tell me what did you do to correct the problem in your script? i check login.jsp and i see about you said.

    I also have to say that i'm actually checking the Zimbra 6 version and the problem is still the same.

    Thanks for all

Similar Threads

  1. Preauth and REST in one request?
    By brharp in forum Developers
    Replies: 1
    Last Post: 12-09-2009, 06:06 AM
  2. [SOLVED] Another PHP Preauth example
    By riogd in forum Developers
    Replies: 0
    Last Post: 02-22-2008, 04:48 PM
  3. Preauth documentation improvements
    By riogd in forum Developers
    Replies: 0
    Last Post: 02-22-2008, 04:10 PM
  4. Replies: 2
    Last Post: 03-05-2007, 07:58 AM
  5. how to block all attachment ?
    By updatemyself in forum Administrators
    Replies: 4
    Last Post: 12-05-2006, 08:15 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •