"Your session is invalid..." Fix (?)

richs at whidbey.net richs at whidbey.net
Wed May 31 17:45:25 CEST 2006


That should be "index.php" not "login.php" of course. :)

On May 31, 2006, at 8:40 AM, richs at whidbey.net wrote:

> I didn't see it listed in the trac Tickets, but I wanted to see if  
> this was a bug.
>
> Login into Roundcube, and then leave by visiting another site,  
> closing the window, etc.  Now return to the main Roundcube index  
> (e.g. www.domain.com/webmail).  You'll see "Your session is  
> invalid", even though your session is only seconds/minutes old, and  
> you'll need to re-login.
>
> I found that this error was being produced from "login.php", at  
> line 174:
>
> 	if ($_auth !== $sess_auth
>
> Because "$_auth" has no value, set on line 92:
>
> 	$_auth = get_input_value('_auth', RCUBE_INPUT_GPC);
>
> Which looks for an "_auth" cookie, which never exists.
>
> I fixed this by setting the "_auth" cookie when the session is  
> created.  Added at line 101 in "program/include/main.inc":
>
> 	setcookie("_auth",$sess_auth);
>
> Is this OK?  Would it be better to remove the "$_auth !==  
> $sess_auth" test altogether? (everything seemed to work when I did  
> that, since "sess_auth" is used where important?).
>
> Rich
>
>
>
>





More information about the Dev mailing list