Просмотр исходного кода

Added code to stop PHP using 'deleted' as a value for the session cookies on expiring them, and forcing a really old date for the expiry time (#1829098).

jangliss 17 лет назад
Родитель
Сommit
8ef79891ad
2 измененных файлов с 4 добавлено и 3 удалено
  1. 2 0
      ChangeLog
  2. 2 3
      functions/global.php

+ 2 - 0
ChangeLog

@@ -234,6 +234,8 @@ Version 1.5.2 - SVN
     John Callahan (#1808382).
   - Invalid initialization of To: header (#1772893).
   - Added SquirrelMail debug mode.
+  - Handle PHP's insistence on setting the value to 'deleted' for destroyed sessions
+    (#1829098).
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------

+ 2 - 3
functions/global.php

@@ -374,9 +374,8 @@ function sqsession_destroy() {
 
     global $base_uri, $_COOKIE, $_SESSION;
 
-    if (isset($_COOKIE[session_name()]) && session_name()) sqsetcookie(session_name(), '', 0, $base_uri);
-    if (isset($_COOKIE['username']) && $_COOKIE['username']) sqsetcookie('username','',0,$base_uri);
-    if (isset($_COOKIE['key']) && $_COOKIE['key']) sqsetcookie('key','',0,$base_uri);
+    if (isset($_COOKIE[session_name()]) && session_name()) sqsetcookie(session_name(), $_COOKIE[session_name()], 1, $base_uri);
+    if (isset($_COOKIE['key']) && $_COOKIE['key']) sqsetcookie('key','SQMTRASH',1,$base_uri);
 
     $sessid = session_id();
     if (!empty( $sessid )) {