Ticket #1483986 (Bugs) Session expires

Mr. B. Vrieling bvrieling at tdchristian.ca
Wed Sep 6 17:16:24 CEST 2006


Thomas,

Thanks a lot for your input.

Further question:

On Wed, 06 Sep 2006 08:17:56 +0200, Thomas Bruederli <roundcube at gmail.com> wrote:
> Another place to debug this problem is in function
> rcmail_authenticate_session() which can be found in main.inc. If you set
> $CONFIG['session_lifetime'] to FALSE, the time check will be avoided but
> the validity of the session still will be checked in
> rcmail_authenticate_session()

Is that a new change? In beta2, session_lifetime is a value, not a boolean. If I were to set it to FALSE, some of the math would be odd.... like here:

ini_set('session.gc_maxlifetime', ($CONFIG['session_lifetime']+2)*60);

> Some time ago, I removed the _auth hash in all URLs and added a second
> cookie that changes every 5 minutes. When the client sends it's
> keep-alive signal, a new cookie will be sent. To disable this security
> check, you simple let rcmail_authenticate_session() always return true.
> 
> I hope these explanations will help you debug this. I'm really keen on
> what's the problem here...

I'll poke, and report back what I find.

Thanks for the help!

..Bruce






More information about the Dev mailing list