January 24, 2005

SquirrelMail, bad HTML, and slight weirdness

I had a client mail me with a problem with their SquirrelMail installation. For the record, I think their SquirrelMail has some “view as HTML” plug-in installed, and HTML messages seem to get viewed as HTML by default; but I’ve never really confirmed that.

Anyway, the problem was in one particular message. Whenever the user clicked anything after reading the message, they were told they needed to be logged in. They’d have to go back to the login page and log in again to continue using SquirrelMail. I tried to duplicate this on Mozilla, but failed. Turned out you had to use IE (IE 6 on W2K here, specifically) to recreate this. I did a few tcpdumps, and found out that somehow the key cookie was getting lost. Presumably this is necessary for SquirrelMail to consider you still in your logged-in session. A little more inspection of the tcpdump output and I saw it was requesting /squirrelmail/src/login.php, which was clearing out the cookies apparently. Further, it was redirected there because of an earlier request for /squirrelmail/src/.

I’ll go ahead and say that the message in question had a lot of broken images in it, and it generally looked like shit. It kept requesting things like /squirrelmail/src/Documents/foo.jpg for images embedded in the HTML. It turns out a few of the <img> tags had src="" in them. In IE, this requests /squirrelmail/src/, as the base URL at that time is /squirrelmail/src/some-php-file.php?.... In Mozilla, I’m guessing this requests (a) nothing, or (b) something that doesn’t end up redirecting back to login.php. As near as I can tell, src="" is legal, and should be resolved as IE was doing it. This is from a reading of the HTML 4.01 DTD and RFC 1808 section 4. So I’m not sure IE is really to blame here. I never took the time to find out what Mozilla was doing. (I’ll note that Mozilla 1.8 in Linux and Firefox 1.0 in W2K both failed to exhibit this SquirrelMail problem.)
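As an added example (not code from the original post or from SquirrelMail), here is a check a webmail operator could run over an HTML message body before rendering it, to find <img> tags whose src would make the browser send a request back to the webmail host's own paths. The host name, query string and sample markup are constructed, and the function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: the URL of the page displaying the message, and a
# message body with the kinds of <img> tags the post describes.
BASE_URL = "http://mail.example/squirrelmail/src/some-php-file.php?id=1"
SAMPLE_HTML = (
    '<p>Hi</p><IMG SRC=""><img src="Documents/foo.jpg">'
    '<img src="cid:part1@example"><img src="http://cdn.example/a.png">'
    '<img alt="no src at all">'
)


class _ImgSrcCollector(HTMLParser):
    """Collect the raw src value of every <img> tag (None if absent)."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":  # html.parser lowercases tag and attribute names
            self.srcs.append(dict(attrs).get("src"))


def audit_img_srcs(html, base_url):
    """Return (src, reason, resolved_url) for images that would make the
    browser send a request to the webmail host itself."""
    collector = _ImgSrcCollector()
    collector.feed(html)
    collector.close()
    base_host = urlsplit(base_url).netloc.lower()
    findings = []
    for src in collector.srcs:
        if src is None:
            continue  # no src attribute, nothing is fetched
        value = src.strip()
        if not value:
            # What gets requested for src="" differs between browsers
            # (see the post), so flag it without resolving it.
            findings.append((src, "empty", None))
            continue
        resolved = urljoin(base_url, value)
        parts = urlsplit(resolved)
        if parts.scheme in ("http", "https") and parts.netloc.lower() == base_host:
            findings.append((src, "same-host", resolved))
    return findings
```

Flagged tags can then be dropped or have their src replaced with a placeholder before the message is shown, so that a broken image cannot trigger a request that ends in the redirect to login.php.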