On 8/10/07, Sebastian Petters / 4wd media <[EMAIL PROTECTED]> wrote: > Dear RoundCube developers, > > first of all thank you for the development of RoundCube! Even in this > pre-1.0 state, this project looks very promising. I'm looking forward > for the further development. > > For a customer we are using an ini-setting session.cookie_lifetime which > is non-zero, so the session is still open if the browser gets closed. > With this setting, a login to RoundCube was not possible. I tracked the > problem down to the function sess_regenerate_id() in > program/include/session.inc. The parameters passed to the call to > setcookie are not right. A possible solution may be the following: > > session_id($random); > $cookie = session_get_cookie_params(); > - setcookie(session_name(), $random, $cookie['lifetime'], $cookie['path']); > + $expire = ($cookie['lifetime'] == 0) ? 0 : time() + $cookie['lifetime']; > + setcookie(session_name(), $random, $expire, $cookie['path']); > > return true; > > setcookie does not expect the lifetime but an expiry unix timestamp. > If the cookie lifetime is 0 (session cookie) nothing changes. > Otherwise, if the lifetime is non-zero we need to add the current time.
Standard behavior on webmails is, that when you close the browser, the session is gone. I wouldn't want it any other way. Of course this is not as "important" as online banking but on the other hand important enough. I think what you are asking for would ask for a config-option, so if you implement it that way I would have no objections. ;-) Feedback? > I'm sorry for not using your bugtracker, but i didn't find a "report > bug" form. Anyhow, i hope the patch will get applied. We run everything on http://trac.roundcube.net Till _______________________________________________ List info: http://lists.roundcube.net/dev/
