Mr. B. Vrieling wrote: > Hi all, > > While I won't claim that I have fixed *the* session expiry problem, if the > lack of recent complaints from my users is any indication, I have fixed *my* > session expiry problem. > > Following up on a tip from Thomas, I disabled the > rcmail_authenticate_session() function in /program/include/main.inc. As > Thomas explained, this piece of code does a double check on a cookie dropped > in the client as a security check. To disable it, I changed the "return > $valid;" at the end of this function to "return TRUE;" and the complaints I > had been receiving died just like that.
At least we're digging in the right direction... I added some fall back checking to that methods. Please get the latest trunk and try it out. Regards, Thomas
