On Sun, Dec 15, 2002 at 12:43:31PM -0600, Jonathan Angliss wrote:
> > Makes no sense as line 153 is
>
> > } else {
>
> argh... my PC crashed when I was writing the original email, and the
> devel one got the line the stable should have got. Line 153 *should*
> say 157 I believe (the end of the sqsession_destroy in case I messed
> up again).
That doesn't help. However, I noticed that another thing you changed
was that the setcookie calls in sqsession_destroy no longer uses
$base_uri as the cookie path. This is definitely an error. It creates,
for one thing, empty cookies in $base_uri/src which are never
overwritten (because later versions are created in the correct place)
and which mask the correct values.
So I changed src/global.php as shown below. And now I can log in.
function sqsession_destroy() {
global $base_uri;
/*
* php.net says we can kill the cookie by setting just the name:
* http://www.php.net/manual/en/function.setcookie.php
* maybe this will help fix the session merging again.
*
* Changed the theory on this to kill the cookies first starting
* a new session will provide a new session for all instances of
* the browser, we don't want that, as that is what is causing the
* merging of sessions.
*/
$cookie_params = session_get_cookie_params();
setcookie(session_name(), '', time() - 5, $cookie_params['path'],
$cookie_params['domain']);
setcookie('username','',time() - 5,$base_uri);
setcookie('key','',time() - 5,$base_uri);
$sessid = session_id();
if (!empty( $sessid )) {
if ( !check_php_version(4,1) ) {
global $HTTP_SESSION_VARS;
$HTTP_SESSION_VARS = array();
} else {
$_SESSION = array();
}
@session_destroy;
}
}
--
Bruce
I am now a little wary of bananas.
msg01271/pgp00000.pgp
Description: PGP signature
