Mr. B. Vrieling wrote:
Hi all,
While I won't claim that I have fixed *the* session expiry problem, if the lack of recent complaints from my users is any indication, I have fixed *my* session expiry problem.
Following up on a tip from Thomas, I disabled the rcmail_authenticate_session() function in /program/include/main.inc. As Thomas explained, this piece of code does a double check on a cookie dropped in the client as a security check. To disable it, I changed the "return $valid;" at the end of this function to "return TRUE;" and the complaints I had been receiving died just like that.
At least we're digging in the right direction... I added some fall back checking to that methods. Please get the latest trunk and try it out.
Regards, Thomas