Hello,

I've been working on a simple ZMS administration interface for our Customer Support department, and one of the big issues is the way the "view mail" system works. Using the offical Admin interface or my own hand-crafted SOAP interface, using preauth (clicking "view mail" in the Admin interface) ships the browser to a URL such as "http://webmail.example.com/service/preauth?authtoken=", in which the HTTP header:

Set-Cookie: ZM_AUTH_TOKEN=MY_REALLY_LONG_AUTH_STRING;Path=/


appears. My issue is this: Many of my support agents use a single browser intance to do their jobs (ie, Firefox with many tabs, etc). When this "view mail" action happens, it kills their currnet cookie with the mail server, thus, logging them out of their own mail instance.

The best solution here is to somehow tell preauth not to set a cookie, but rather just to set a session. If this isnt poissible due to the backend of Zimbra, possibly one could mangle the _name_ of the cookie?


Thanks for all your help ahead of time. As usual, I will post here if I manage to figure this out myself.


- Seandon Mooy