Login impossible with RC1

[AnotherOne]

I just switched from nightly-20070318 to RC1 (with a fresh database and files setup).

The problem with RC1 is that I am always kicked back to a clean login screen when I correctly entered username and password.
Strangely the last-login value in the users table is updated so I guess I am somehow 'halfway' logged in but can't get in.

The solution to this Problem was to remove the following lines from index.php:

  // create new session ID
  unset($_SESSION['temp']);
  sess_regenerate_id();

And I had to set $rcmail_config['ip_check'] = FALSE (previous versions worked fine with TRUE).
I guess the function sess_regenerate_id() makes some trouble but I have not looked in detail yet.

I tried to setup RC1 on several different webservers with (very!) different php settings and MySQL versions and allways got the same problem.
The previous nightly version worked fine on all platforms!

I think this 'bug' is very serious because many (new) RoundCube users will be locked out from using the great webmailer.

BTW: That select-multiple-messages bug is very annoying! How could something THAT obvious get into a ReleaseCandidate??

[midnightz]

I have the same problem. There are something wrong with SESSION. I found two 'sessid' with different value in session cookie.

I fixed the problem with only mark out two lines of
 
 // create new session ID
  unset($_SESSION['temp']);
  sess_regenerate_id();

[rockwilda]

Same problems here!

[robsontex]

I also was using nightly svn version with no problems. But when I tried to install rc1 in two Debian Sarge servers, I have exactly the same problem. One of them uses Apache 2.0.54 and PHP 5 and the other one, Apache 2.0.54 and PHP 4. After applying your proposed changes, Roundcube backs to work like a charm.

However, for some reason, in a Debian Etch server (Apache 2.2.3 and PHP 5), everything works fine with rc1. No changes were needed. So, the problem seems not to be in the client. Would it be some Apache related problem?

Best regards,
Robson

[AnotherOne]

I think I found the reason: the function sess_regenerate_id() does NOT work on systems with PHP setting session.auto_start On. At least I found a system on which RC1 worked with unchanged index.php and the only difference was this PHP option.
This should be very quickly corrected since many systems do have this PHP setting.

[robsontex]

You're absolutely right! If session.auto_start is set to 0, login works. But if session.auto_start is on, nothing happens. Did you see any problem after commenting those two lines in index.php?

Best regards,
Robson

[AnotherOne]

No, no problems after commenting those lines. I think sess_regenerate_id() is only for additional security reason but not critical.
May the author know its purpose

But anyway: I switched back to the nightly-20070318 since RC1 has so many more bugs that I can't use it any further.