"Your session is invalid..." Fix (?)

richs at whidbey.net richs at whidbey.net
Wed May 31 17:40:27 CEST 2006

I didn't see it listed in the trac Tickets, but I wanted to see if  
this was a bug.

Login into Roundcube, and then leave by visiting another site,  
closing the window, etc.  Now return to the main Roundcube index  
(e.g. www.domain.com/webmail).  You'll see "Your session is invalid",  
even though your session is only seconds/minutes old, and you'll need  
to re-login.

I found that this error was being produced from "login.php", at line  

	if ($_auth !== $sess_auth

Because "$_auth" has no value, set on line 92:

	$_auth = get_input_value('_auth', RCUBE_INPUT_GPC);

Which looks for an "_auth" cookie, which never exists.

I fixed this by setting the "_auth" cookie when the session is  
created.  Added at line 101 in "program/include/main.inc":


Is this OK?  Would it be better to remove the "$_auth !== $sess_auth"  
test altogether? (everything seemed to work when I did that, since  
"sess_auth" is used where important?).


More information about the Dev mailing list