Screen shots

Junk Email Filter

Security Notice
Phishing campain
Version 1.4.15
Security Upgrade

TODO: Integrate this page into LoginError.

[If you are using a custom session handler, say for storing in a database, that handler will not work with SquirrelMail. Just enable session.use_cookies = 1 either in php.ini, or put in a .htaccess file as mentioned previously, OR in a <directory> container for that virtual host if all else fails.]


I also had the "Must be logged in" error. It turns out to be an issue with setcookie and header(), so if you're working on a Windows platform, check out [this tracker item] for a better explanation.

[email protected]

Changing session.auto_start to 1 in php.ini fixed the problem for me. I used the default Netscape settings.

The ZoneAlarm firewall was causing this error also, which was strange because I could log in thru https:// but not http://.

I turned ZoneAlarm off, logged in, and then turned ZoneAlarm back on and since then its been fine (have not had to shut down ZoneAlarm to get in since this once instance).

I had to do this to get SquirrelMail 1.4.2 running on Win2k, in the redirect.php file, find\n

header("Location: $redirect_url");

comment out this line, i.e.\n

// header("Location: $redirect_url");

immediately after it, put\n

echo "<html><head><META

Save the redirect.php file

I'm having trouble with SquirrelMail and Firefox. The problems started after I was forced to reinstall my whole system, but I managed to save all the configurations. Now I can log in to SquirrelMail with Firefox and see the list of all folders and also the contents of the inbox, but if I try to do anything I get the "You must be logged in to access this page"-message. This does not happen with IE, Mozilla or Konqueror. I've been monitoring the system and for some reason nothing appears in the session directory when using Firefox, and Firefox does not receive the SQMSESSID-cookie. I'm using SquirrelMail 1.4.4, PHP 4.3.10 and Apache 2.0.52 (all from Debian/Sarge). I also haven't had any trouble with my own, session based, stuff. And oh, almost forgot to mention that Firefox allows cookies, and I have tried this on several different machines. And another thing, I have tried all proposed fixes and none have worked.
- vesse
Have you tried disabling all plugins, so you are running with only a default SquirrelMail? If that works, try enabling one plugin at a time until you isolate the plugin causing the problem (then notify the developer!)
Paul Hansen, 2005-02-02
Yes, I have, and the problem stayed. But, now I think it's not SquirrelMail that's causing the trouble. I've had a virtual domain for SquirrelMail previously, and it has worked just fine. Now I tried to just to create an alias under the main domain for SquirrelMail (ie. www.mydomain.invalid/squirrelmail instead of webmail.mydomain.invalid) and now it works also with Firefox. So strange, so strange. Now I'll try to figure out the cause of this behaviour.
- vesse
I recently created a fresh install of SquirrelMail as a subdirectory of my normal, live installation, so I could add in my plugins and test it out. With Firefox (which is normally all I use) I had numerous cookie issues (like I would get the sidebar, but the login error in the left pane). But, restarting the browser did fix the problem...did you search your local computer for any lingering SquirrelMail cookie and remove it?
Paul Hansen
Tried it now, completely removed ~/.mozilla, no effect. But since it works via the directory alias under the main domain, I changed the index.php of squirrelmail so that if HTTP_USER_AGENT contains string Firefox the user will be redirected to the directory alias of the main domain and for the rest it does the normal redirection in which the users stay on the virtual domain (and the actual code files used are the very same, those two approaches are just in apache's configuration). Yeah, I know, not very elegant but at least now it works for all my users.
- vesse (2005-02-07)
I've been having this problem for a few months now, and I can't determine what is causing it exactly. We are running apache 2.0.48 (and php 4.3.4).
The You Must Be Logged in to Access This Page happens sporadically and I haven't been able to find a pattern, or anything in the logs to guide me to the problem. All reports so far are indeed with Mozilla Firefox, but I am not 100% sure it happens only with this browser.
One [tracker item] says it's a race condition.
Maybe it has to do with the threads/processes in Apache 2 conflicting with SquirrelMail? The PHP people recommend not using Apache 2 with PHP.
Another thing maybe worth mentioning is that I am using the HTTPS redirect plugin.
Vesse, could you please explain to us how to implement your approach?
- GK (2005-02-11)
For the Fedora Core / Apache 2 / https login problem relating to Mozilla Firefox, try this: (Firefox was actually correct in showing this problem, since the server setup wasn't safe )
  • Disable the SquirrelMail HTTPS redirect plugin (Apache 2 takes care of that when you have your mail done in a separate https Virtual Host container)
  • Make sure a /usr/share/squirrelmail/favicon.ico exists.
  • Add the SquirrelMail folder to your /etc/httpd/conf/ httpd.conf to let Apache (thus Firefox) know it's okay, like this:\n
    <Directory "/usr/share/squirrelmail">
      Options Indexes FollowSymLinks ExecCGI Includes MultiViews
      AllowOverride None
      Order allow,deny
      Allow from all
also be absolutely certain:\n
<Files ~ "\.(cgi|shtml|phtml|pl|php3)$">
  SSLOptions +StdEnvVars
<Directory "/usr/share/squirrelmail">
  SSLOptions +StdEnvVars
is in your /etc/httpd/conf.d/ssl.conf
  • Make sure the directory where PHP stores its sessions is readable/writeable by the web server user; That is to say, the directory configured in php.ini: session.save_path = /var/lib/php/session needs permissions 40770 (Octal) and user:group root:apache in case of Fedora Core.
  • Make sure the directory /var/lib/squirrelmail/prefs has permissions 40700 (Octal) and user of your httpd (usually apache).
All this solved it (using SquirrelMail 1.4.* and Apache 2*. ~Julius, Amsterdam, NL.
P.S. Also see my [Virtual Host container example].
What I did was I added the following in the Apache config for www.example.com:\n
Alias /squirrelmail /usr/share/squirrelmail

<Directory /usr/share/squirrelmail>
  Options Indexes FollowSymLinks
  <IfModule mod_dir.c>
    DirectoryIndex index.php
Then I changed index.php (/usr/share/squirrelmail/index.php on my server) to this:\n
if (isset($_SERVER["HTTP_USER_AGENT"])) {
  if (strpos($_SERVER["HTTP_USER_AGENT"], "Firefox") === false) {
    header('Location: src/login.php');
  } else {
    header("Location: https://www.example.com/squirrelmail/src/login.php");
} else {
  header('Location: src/login.php');

So if the string Firefox is found, user is redirected to the login page of SquirrelMail in the www.example.com, otherwise user is redirected to webmail.example.com/src/login.php. The redirection needs to be straight to login.php, otherwise it would loop in the index.php forever.
- vesse (2005-02-15)
Having the same problem with Firefox, Apache2 with dynamic virtual hosts and SquirrelMail 1.4.5. No plugins in Firefox or SquirrelMail; Other browsers work. None of the fixes suggested above worked. I'm sure it has something to do with the server setup, but I can't figure out what. [This page] was interesting.
/ AC (2005-07-18)
Possible Cause: Corrupt Cookies?
We've found that the cookies can go bad. What this means we do not know. Try going into your browser settings and deleting all your cookies. Try logging in again and it should work. I made backups of the 'bad' cookies and compared them with the newly created 'good' cookies and didn't learn anything much. If this happens to someone again try pasting the bad vs good cookies here (minus personal data) or send them to the devel team.
Still doesn't work.
Windows XP / Apache 1.3 / PHP 4 / Perl
  • Changed redirect.php
  • session.auto_start = 1
  • session.use_cookies = 1
  • All extensions are enabled
  • No errors in access or error logs
What to do?
Make sure the directory where PHP stores its sessions is readable/writeable by the web server user.
In my case the directory configure in php.ini: session.save_path = /var/lib/php/session
The group on this directory was 'apache' but the web user was configured as 'nobody'
Fix: chgrp nobody session.save_path = /var/lib/php/session
Problem soved?
SquirrelMail & Red Hat ES 4. Never could get it to work using any of the workarounds described in here.
Magically it now works with Firefox 1.5!! Tried with Linux, Windows & Mac OSX.
Possibly not solved... (2006-02-10)
Getting this error with IE only. Cannot duplicate in Firefox for windows or Firefox, Opera, Konqueror or lynx. All of them work. The problem presents itself after logging in when attempting to access a folder other than the inbox. Again this only occurs with IE.
Possibly solved (2006-06)
I had the problem yesterday, where header("location: $url"); was not working. I realised that it was probably a blank space after a closing ?> on a pure PHP include file. It was that. There was an erroneous new line after the final ?> in one file which obviously was outputting undetected to the browser. Simple mistake.
Another possibility is when writing PHP using older software, even dreamweaver, there could be one or two odd characters that don't show up in the editing pane. Open files in notepad if you've checked for erroneous white space.
© 1999-2016 by The SquirrelMail Project Team