From: <pdo...@us...> - 2008-09-23 01:12:40
|
Revision: 13281 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13281&view=rev Author: pdontthink Date: 2008-09-23 01:12:29 +0000 (Tue, 23 Sep 2008) Log Message: ----------- Fix session autostart code - session_name() return value does not indicate session has started; Remove dead code (cookie cleanup) Modified Paths: -------------- trunk/squirrelmail/include/init.php Modified: trunk/squirrelmail/include/init.php =================================================================== --- trunk/squirrelmail/include/init.php 2008-09-19 23:58:19 UTC (rev 13280) +++ trunk/squirrelmail/include/init.php 2008-09-23 01:12:29 UTC (rev 13281) @@ -258,12 +258,12 @@ * When session.auto_start is On we want to destroy/close the session */ $sSessionAutostartName = session_name(); -$sCookiePath = null; -if (isset($sSessionAutostartName) && $sSessionAutostartName !== $session_name) { +$sSessionAutostartID = session_id(); +if (!empty($sSessionAutostartID) && $sSessionAutostartName !== $session_name) { $sCookiePath = ini_get('session.cookie_path'); $sCookieDomain = ini_get('session.cookie_domain'); // reset the cookie - setcookie($sSessionAutostartName,'',time() - 604800,$sCookiePath,$sCookieDomain); + sqsetcookie($sSessionAutostartName,'',1,$sCookiePath,$sCookieDomain); @session_destroy(); session_write_close(); } @@ -514,22 +514,6 @@ */ $icon_theme_path = (!$use_icons || $icon_theme=='none') ? NULL : ($icon_theme == 'template' ? SM_PATH . Template::calculate_template_images_directory($sTemplateID) : $icon_theme); - /** - * cleanup old cookies with a cookie path the same as the standard php.ini - * cookie path. All previous SquirrelMail version used the standard php.ini - * cookie path for storing the session name. That behaviour changed. - */ - if ($sCookiePath !== SM_BASE_URI) { - /** - * do not delete the standard sessions with session.name is i.e. PHPSESSID - * because they probably belong to other php apps - */ - if (ini_get('session.name') !== $sSessionAutostartName) { - // This does not work. Sometimes the cookie with SQSESSID=deleted and path / - // is picked up in webmail.php => login will fail - //sqsetcookie(ini_get('session.name'),'',0,$sCookiePath); - } - } break; default: require(SM_PATH . 'functions/display_messages.php' ); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |