Hi there,

Out of interest.

Is there a specific reason why roundcube uses two cookies: sessid and sessauth?
I understand sessauth is used in the DB backend, but why isnt the ID/UID used that is returned by start_session (sessid)

Kind regards, Sean

Sean N. Heukels wrote:

My bad for <1> : ahum, a file is being ment

Sean N. Heukels wrote:
Found something strange in the code about error logging

<1>
in main.inc the errors directory is defined, but this directory does not exist. Does PHP complain about this?

// set PHP error logging according to config
if ($conf['debug_level'] & 1)
    {
    ini_set('log_errors', 1);
    ini_set('error_log', $conf['log_dir'].'/errors');
    }

<2>
In .htaccess in the root of roundcube there is a deny/allow statement for *.inc (suffix as .inc). Does this mean that if a user would know the directory format that he/she would be able to read/execute other file formats under the directory structure. For example files with the suffix php or log?

Kind regards, Sean