Dear RoundCube developers,

First of all, thank you for the development of RoundCube! Even in this pre-1.0 state, this project looks very promising. I'm looking forward to the further development.

For a customer we are using an ini-setting session.cookie_lifetime which is non-zero, so the session is still open if the browser gets closed. With this setting, a login to RoundCube was not possible. I tracked the problem down to the function sess_regenerate_id() in program/include/session.inc. The parameters passed to the call to setcookie are not right. A possible solution may be the following:

   session_id($random);
   $cookie = session_get_cookie_params();
-  setcookie(session_name(), $random, $cookie['lifetime'], $cookie['path']);
+  $expire = ($cookie['lifetime'] == 0) ? 0 : time() + $cookie['lifetime'];
+  setcookie(session_name(), $random, $expire, $cookie['path']);

   return true;
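
Review bot: the new setcookie() call on the last + line still passes only the name, value, expiry and $cookie['path'], so the regenerated session cookie drops the domain and secure settings that session_get_cookie_params() also returns in $cookie. If the site configures session.cookie_secure or session.cookie_domain, the cookie issued here will not carry the same attributes as the one PHP set originally, and the new session ID can be sent over plain HTTP. Suggest passing $cookie['domain'] and $cookie['secure'] as the fifth and sixth arguments. The expiry computation itself (0 stays 0, otherwise time() + lifetime) matches what setcookie() expects.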

setcookie does not expect the lifetime but an expiry unix timestamp.
If the cookie lifetime is 0 (session cookie) nothing changes.
Otherwise, if the lifetime is non-zero we need to add the current time.

I'm sorry for not using your bugtracker, but I didn't find a "report bug" form. Anyhow, I hope the patch will get applied.

Thanks in advance and best regards,
Sebastian

--
Sebastian Petters
www.4wdmedia.de
