I didn't see it listed in the Trac tickets, but I wanted to see if
this was a bug.
Log in to Roundcube, and then leave by visiting another site,
closing the window, etc. Now return to the main Roundcube index
(e.g. www.domain.com/webmail). You'll see "Your session is invalid",
even though your session is only seconds/minutes old, and you'll need
to re-login.
I found that this error was being produced from "login.php", at line
174:
if ($_auth !== $sess_auth
Because "$_auth" has no value, set on line 92:
$_auth = get_input_value('_auth', RCUBE_INPUT_GPC);
Which looks for an "_auth" cookie, which never exists.
I fixed this by setting the "_auth" cookie when the session is
created. Added at line 101 in "program/include/main.inc":
setcookie("_auth",$sess_auth);
Is this OK? Would it be better to remove the "$_auth !== $sess_auth"
test altogether? (everything seemed to work when I did that, since
"sess_auth" is used where important?)
Rich
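
The comparison described in the message above, modelled as an added PHP example (not part of the original post and not Roundcube's own code). The function names, the POST/GET/cookie lookup order and the sample requests are assumptions made for the illustration.

```php
<?php
// Added illustration, not Roundcube code. lookup_gpc() and auth_check() are
// hypothetical stand-ins for the input lookup and the comparison quoted above.

// Assumed lookup order for a "GPC" source: POST, then GET, then cookie.
function lookup_gpc(string $name, array $post, array $get, array $cookie): ?string
{
    foreach ([$post, $get, $cookie] as $source) {
        if (isset($source[$name]) && is_string($source[$name])) {
            return $source[$name];
        }
    }
    return null;
}

// True when the request carries the same token the session stores.
function auth_check(?string $requestToken, string $sessionToken): bool
{
    // hash_equals() compares in constant time; a missing token never matches.
    return $requestToken !== null && hash_equals($sessionToken, $requestToken);
}

$sessAuth = bin2hex(random_bytes(16)); // constructed per-session token

// Constructed requests: [label, POST, GET, COOKIE]
$requests = [
    ['link inside the app, token in URL', [], ['_auth' => $sessAuth],  []],
    ['bare return to /webmail',           [], [],                      []],
    ['bare return, token in a cookie',    [], [],                      ['_auth' => $sessAuth]],
    ['stale token from an old session',   [], ['_auth' => 'deadbeef'], []],
];

foreach ($requests as [$label, $post, $get, $cookie]) {
    $ok = auth_check(lookup_gpc('_auth', $post, $get, $cookie), $sessAuth);
    printf("%-36s %s\n", $label, $ok ? 'accepted' : 'session invalid');
}

// If the token is mirrored into a cookie, restrict it the same way as the
// session cookie itself (PHP 7.3+ options array):
// setcookie('_auth', $sessAuth, ['path' => '/', 'secure' => true,
//                                'httponly' => true, 'samesite' => 'Lax']);
```

Once the token lives in a cookie, the browser attaches it to every request to the site, so the comparison no longer tells apart requests that were built with the token from requests that were not.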