From: Marc Groot Koerkamp <marc@sq...> - 2005-10-15 17:01:45
The idea from Thijs last week is now fully implemented in 1.5.1 CVS.
SquirrelMail if IE6 is the browser.
In order to achieve this I created 2 extra functions, sqsession_start and
sqsetcookie sets the cookie by making use of the header function instead
of the php setcookie function. That gave us more freedom and made it
possible to add the extra cookie attribute (HtppOnly).
sqsession_start starts the session with session_start. After that i
rewrite the cookie containing the SQMSESSID value (the session id) with
the sqsetcookie function in order to achieve the HttpOnly attribute also
is set on the session id.
I hope everything keeps working (it works for me on IE6 and FF 1.07). If
not, please report it through the proper channels.
Marc Groot Koerkamp.