Ticket #1483986 (Bugs) Session expires

Thomas Bruederli roundcube at gmail.com
Fri Sep 8 11:08:11 CEST 2006


Mr. B. Vrieling wrote:
> Hi all,
> 
> While I won't claim that I have fixed *the* session expiry problem, if the lack of recent complaints from my users is any indication, I have fixed *my* session expiry problem.
> 
> Following up on a tip from Thomas, I disabled the rcmail_authenticate_session() function in /program/include/main.inc. As Thomas explained, this piece of code does a double check on a cookie dropped in the client as a security check. To disable it, I changed the "return $valid;" at the end of this function to "return TRUE;" and the complaints I had been receiving died just like that.

At least we're digging in the right direction...
I added some fall back checking to that methods. Please get the latest
trunk and try it out.

Regards,
Thomas





More information about the Dev mailing list