That should be "index.php" not "login.php" of course. :)
On May 31, 2006, at 8:40 AM, [EMAIL PROTECTED] wrote:
I didn't see it listed in the trac Tickets, but I wanted to see if
this was a bug.
Login into Roundcube, and then leave by visiting another site,
closing the window, etc. Now return to the main Roundcube index
(e.g. www.domain.com/webmail). You'll see "Your session is
invalid", even though your session is only seconds/minutes old, and
you'll need to re-login.
I found that this error was being produced from "login.php", at
line 174:
if ($_auth !== $sess_auth
Because "$_auth" has no value, set on line 92:
$_auth = get_input_value('_auth', RCUBE_INPUT_GPC);
Which looks for an "_auth" cookie, which never exists.
I fixed this by setting the "_auth" cookie when the session is
created. Added at line 101 in "program/include/main.inc":
setcookie("_auth",$sess_auth);
Is this OK? Would it be better to remove the "$_auth !==
$sess_auth" test altogether? (everything seemed to work when I did
that, since "sess_auth" is used where important?).
Rich
