It took us several months to come to this conclusion, and it happens under very specific circumstances.
and in file
to display by default html messages.
If you wish, I can provide a more detailed log. Please give me an email address to send this to.
Code:
# grep token /var/cpanel/cpanel.config
xsrftokens=1
Code:
/usr/local/cpanel/base/horde/imp/config/mime_drivers.local.php
$mime_drivers['html']['inline'] = true;
We noticed that behavior when some of our contacts have inline html images and when trying to view, reply or forward those emails using Horde.
What happens is that the token being used in the image request does not match the token used in the webmail session that the email is viewed in, so it kills the session. This can be shown in the login and session logs.
Code:
/usr/local/cpanel/logs/session_log
.....tokendenied [Too many token failures (3/3)].....
/usr/local/cpanel/logs/login_log
multiple errors of ...DEFERRED LOGIN webmaild: security token incorrect...
This token denied error happens each time the session dies in Horde. When I view source on the email that this occurs on, I see the incorrect token requested in one of the images.
As long as security tokens are enabled on the server, the Horde session will continue to be disconnected when a request to a resource is made that uses an invalid token for the active session. This is why it happens when viewing some emails but not others.
System Information
Code:
[~]# /usr/local/cpanel/cpanel -V
60.0 (build 26)
[~]# grep '' /etc/redhat-release /usr/local/cpanel/version /var/cpanel/envtype ; grep CPANEL= /etc/cpupdate.conf ; httpd -v ; php -v ; mysql -V
/etc/redhat-release:CentOS release 6.8 (Final)
/usr/local/cpanel/version:11.60.0.26
/var/cpanel/envtype:kvm
CPANEL=release
Server version: Apache/2.4.23 (cPanel)
Server built: Nov 8 2016 16:57:01
ea-php-cli Copyright 2016 cPanel, Inc.
PHP 7.0.13 (cli) (built: Nov 14 2016 15:24:28) ( NTS )
Copyright (c) 1997-2016 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies
with Zend OPcache v7.0.13, Copyright (c) 1999-2016, by Zend Technologies
mysql Ver 15.1 Distrib 10.1.19-MariaDB, for Linux (x86_64) using readline 5.1
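An added example, not part of the original posts and not cPanel or Horde code: a small checker that lists the automatically fetched resources in a message body whose URL embeds a security token other than the one for the active session, which is the condition the thread identifies as killing the Horde session. It assumes the token appears in the URL path as `cpsess` followed by digits; the sample HTML, hosts and token values are constructed, and the limit of 3 is taken from the session_log excerpt above.

```python
import re
from html.parser import HTMLParser

# Assumption: the token sits in the URL path as "cpsess" followed by digits.
TOKEN_RE = re.compile(r"/(cpsess\d+)/")
# (tag, attribute) pairs a browser fetches on its own while rendering a message.
AUTO_FETCH = {("img", "src"), ("link", "href"), ("iframe", "src"),
              ("input", "src"), ("body", "background")}
MAX_FAILURES = 3  # limit shown in the session_log excerpt: "(3/3)"

class StaleTokenFinder(HTMLParser):
    """Collect auto-fetched URLs that embed a token other than the active one."""
    def __init__(self, active_token):
        super().__init__()
        self.active_token = active_token
        self.stale = []  # (tag, url, embedded_token)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) not in AUTO_FETCH or not value:
                continue
            match = TOKEN_RE.search(value)
            if match and match.group(1) != self.active_token:
                self.stale.append((tag, value, match.group(1)))

def find_stale_token_refs(html_body, active_token):
    """Return the references that embed a token other than the active one."""
    finder = StaleTokenFinder(active_token)
    finder.feed(html_body)
    finder.close()
    return finder.stale

def reaches_failure_limit(stale_refs, limit=MAX_FAILURES):
    """True when the message alone carries at least `limit` such references."""
    return len(stale_refs) >= limit

# Constructed sample message body; hosts, paths and tokens are made up.
SAMPLE_HTML = """<html><body>
<img src="/cpsess1111111111/horde/imp/view.php?id=1">
<img src="https://mail.example.com:2096/cpsess1111111111/horde/imp/view.php?id=2">
<img src="/cpsess2222222222/horde/imp/view.php?id=3">
<img src="https://cdn.example.net/logo.png">
<a href="/cpsess1111111111/horde/imp/view.php?id=4">clicked, not auto-fetched</a>
</body></html>"""

if __name__ == "__main__":
    refs = find_stale_token_refs(SAMPLE_HTML, "cpsess2222222222")
    for tag, url, token in refs:
        print(f"{tag}: {url} (embedded {token})")
    print("reaches failure limit:", reaches_failure_limit(refs))
```

Run it against the HTML source of a message that triggers the logout, passing the token from the current webmail URL, to see which embedded references carry the mismatched token.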