This must be a bug, the way the function is written:
function check_auth()
{
    $this->cookie = $_COOKIE[$this->cookiename];
    $result = $this->ip_check ? rcube_utils::remote_addr() == $this->ip : true;

    if (!$result) {
        $this->log("IP check failed for " . $this->key . "; expected " . $this->ip . "; got " . rcube_utils::remote_addr());
    }

    if ($result && $this->_mkcookie($this->now) != $this->cookie) {
        $this->log("Session auth check failed for " . $this->key . "; timeslot = " . date('Y-m-d H:i:s', $this->now));
        $result = false;

        // Check if using id from a previous time slot
        for ($i = 1; $i <= 2; $i++) {
            $prev = $this->now - ($this->lifetime / 2) * $i;
            if ($this->_mkcookie($prev) == $this->cookie) {
                $this->log("Send new auth cookie for " . $this->key . ": " . $this->cookie);
                $this->set_auth_cookie();
                $result = true;
            }
        }
    }

    if (!$result) {
        $this->log("Session authentication failed for " . $this->key
            . "; invalid auth cookie sent; timeslot = " . date('Y-m-d H:i:s', $prev));
    }

    return $result;
}
if ($result && $this->_mkcookie($this->now) != $this->cookie) {
The stored cookie will never be the same as the one just now generated, thus the system will always generate errors:
[2014-06-26 15:55:51]: Session auth check failed for 7cf1fac0a882ab5da8cf882ebda7ed41; timeslot = 2014-06-26 15:55:00
[2014-06-26 15:55:51]: Send new auth cookie for 7cf1fac0a882ab5da8cf882ebda7ed41: S8f0f0174c3c9aac327fa962baa1882d24467661c
[2014-06-26 16:25:01]: Session auth check failed for 7cf1fac0a882ab5da8cf882ebda7ed41; timeslot = 2014-06-26 16:25:00
[2014-06-26 16:25:01]: Session authentication failed for 7cf1fac0a882ab5da8cf882ebda7ed41; invalid auth cookie sent; timeslot = 2014-06-26 16:15:00
[2014-06-26 16:45:31]: Session auth check failed for dc3f10f6ea260dd1e71539af384e299a; timeslot = 2014-06-26 16:45:00
[2014-06-26 16:45:31]: Send new auth cookie for dc3f10f6ea260dd1e71539af384e299a: S2063e42228ee17774891201c18734edbe23a219e
[2014-06-26 16:50:04]: Session auth check failed for dc3f10f6ea260dd1e71539af384e299a; timeslot = 2014-06-26 16:50:00
[2014-06-26 16:50:04]: Send new auth cookie for dc3f10f6ea260dd1e71539af384e299a: S1cd940b2d88a6ef19cad01d2d253a01473f57564
[2014-06-26 16:55:51]: Session auth check failed for dc3f10f6ea260dd1e71539af384e299a; timeslot = 2014-06-26 16:55:00
[2014-06-26 16:55:51]: Send new auth cookie for dc3f10f6ea260dd1e71539af384e299a: S113a4835930dad89878890b4647253635a46820f
[2014-06-26 17:05:05]: Session auth check failed for a1ac234a161014e842f78d03b65b6ac9; timeslot = 2014-06-26 17:05:00
[2014-06-26 17:05:05]: Send new auth cookie for a1ac234a161014e842f78d03b65b6ac9: S95f1a61486ffc58b08ec434df1f5ad1b7c1a8646
[2014-06-26 17:10:19]: Session auth check failed for a1ac234a161014e842f78d03b65b6ac9; timeslot = 2014-06-26 17:10:00
[2014-06-26 17:10:19]: Send new auth cookie for a1ac234a161014e842f78d03b65b6ac9: Sc4e20c1cca5257444f6d7c31f536f0fbd16ac946
[2014-06-26 17:20:52]: Session auth check failed for fc4fc0e5620876110db2a1dfbb445286; timeslot = 2014-06-26 17:20:00
[2014-06-26 17:20:52]: Send new auth cookie for fc4fc0e5620876110db2a1dfbb445286: S94a5b1614ffc5fefb55b957da829156e7761bbcc
[2014-06-26 19:00:38]: Session auth check failed for e87e792db3efe4fc52dc43afebc899f8; timeslot = 2014-06-26 19:00:00
[2014-06-26 19:00:38]: Send new auth cookie for e87e792db3efe4fc52dc43afebc899f8: S0d280d67d5a05fcee1464fa0acf7f17362097fdb
[2014-06-26 19:05:40]: Session auth check failed for e87e792db3efe4fc52dc43afebc899f8; timeslot = 2014-06-26 19:05:00
[2014-06-26 19:05:40]: Send new auth cookie for e87e792db3efe4fc52dc43afebc899f8: S4436dafb5786818fc50fb08f23bb407538371873
And it will recover by sending a new auth cookie.
And if you are on some plugin page, it will not make calls to the MAIL page, you'll never get new session cookies issued, and you miss the _mkcookie($prev) previous cookie, thus logging you out when you try to access mail:
invalid auth cookie sent; timeslot = 2014-06-26 16:15:00
Crazy that nobody even cares to respond...
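
The slot arithmetic of the posted check_auth(), as an added example (not Roundcube's code and not part of the original post): it replays a cookie issued at 15:55:51 at later request times with no refresh in between, to show where the two-previous-slots window ends. Assumptions: the request time is rounded down to a lifetime/2 boundary, as the 5-minute timeslots in the log suggest, and slot_cookie() is a hypothetical HMAC stand-in for _mkcookie(), whose body is not shown above.

```php
<?php
// Added illustration; not Roundcube code. All names and values are constructed.
const LIFETIME = 600;   // assumed: lifetime/2 = 300 s, matching the 5-minute timeslots in the log
const SECRET   = 'constructed-demo-secret';

// Assumed: $this->now is the request time rounded down to a slot boundary.
function slot_start(int $t): int
{
    $slot = intdiv(LIFETIME, 2);
    return $t - ($t % $slot);
}

// Hypothetical stand-in for _mkcookie(): a value bound to the session key and one slot.
function slot_cookie(string $key, int $slot): string
{
    return 'S' . hash_hmac('sha1', $key . $slot, SECRET);
}

// Same decision order as check_auth(): current slot first, then the two previous slots.
// hash_equals() is used here for a constant-time comparison; the posted code uses != and ==.
function check_cookie(string $key, string $cookie, int $t): string
{
    $now = slot_start($t);
    if (hash_equals(slot_cookie($key, $now), $cookie)) {
        return 'ok';
    }
    for ($i = 1; $i <= 2; $i++) {
        $prev = $now - intdiv(LIFETIME, 2) * $i;
        if (hash_equals(slot_cookie($key, $prev), $cookie)) {
            return 'ok, refresh cookie (matched slot -' . $i . ')';
        }
    }
    return 'rejected';
}

// Constructed timeline: one cookie issued at 15:55:51, then replayed at later
// request times as if no refreshed cookie had reached the client in between.
$key    = 'constructed-session-key';
$issued = strtotime('2014-06-26 15:55:51 UTC');
$cookie = slot_cookie($key, slot_start($issued));

foreach (['15:56:30', '16:02:10', '16:09:59', '16:10:00', '16:25:01'] as $hms) {
    $t = strtotime("2014-06-26 $hms UTC");
    printf("%s  %s\n", $hms, check_cookie($key, $cookie, $t));
}
```

A mismatch against the current slot is the normal path once a slot boundary has passed; the check only ends in rejection when the request's slot is more than two slots later than the slot the cookie was issued in.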