About | Documentation | Downloads | Plugins | Contribs | Project Site | |
From NaSMail 1.2 version interface can run on browsers without cookie support. This mode is turned on with $nsm_disable_cookies configuration option. You can find this option in NaSMail 'Interface Settings' menu section. Setting is not enabled by default.
Please note that in order to run without cookies, interface must remove some password security features. In standard operation mode NaSMail stores encrypted password in cookie and encryption key is stored in session. When cookies are disabled, all password information is stored in PHP session. Admin must make sure that session information is secured before switching to cookieless operation mode.
If you use PHP version between 4.3.0 and 5.0.0, you must make sure that session.use_trans_sid setting is turned on for NaSMail scripts. Setting can be set in .htaccess files, webserver configuration and php.ini. Turn on session.use_trans_sid in php.ini only when you can't use any other location.
For example: you can put this in Apache configuration
<directory /var/www/nasmail> php_flag session.use_trans_sid on </directory>
If you change $nsm_disable_cookies setting, all active sessions will be forced to relogin.
When cookies are disabled, login page can't detect language selected by end user. Login page will be displayed in default language.
Interface does not try to detect, if browser blocks cookies. Cookieless mode must be enabled by admin. Transparent switching between standard and cookieless mode might require more script modifications.
Cookieless mode is experimental. There are many changes in core scripts. Third party plugins might need updates to work in cookieless mode correctly.
If you run NaSMail in cookieless mode, report your issues on NaSMail bug tracker. Please provide information about your PHP version, configuration and broken features.
Copyright © 2006-2009 The NaSMail Project |