diff options
author | thomascube <thomas@roundcube.net> | 2008-09-25 13:30:18 +0000 |
---|---|---|
committer | thomascube <thomas@roundcube.net> | 2008-09-25 13:30:18 +0000 |
commit | cefd1d8c913aa81ddce83e9de7f5bfb22aa4b2d9 (patch) | |
tree | 695d794292a1468ddfdfb3812f2be408c43c0017 | |
parent | cc4b36b143fbcdaa1895a732c54eb19a55b953cf (diff) |
DRY: set (secure) cookies using rcmail::setcookie() + set session.only_use_cookies
-rwxr-xr-x | program/include/iniset.php | 1 | ||||
-rw-r--r-- | program/include/rcmail.php | 21 | ||||
-rw-r--r-- | program/include/session.inc | 4 |
3 files changed, 19 insertions, 7 deletions
diff --git a/program/include/iniset.php b/program/include/iniset.php index 20fe27996..5ef5b7db7 100755 --- a/program/include/iniset.php +++ b/program/include/iniset.php @@ -52,6 +52,7 @@ if (set_include_path($include_path) === false) { ini_set('session.name', 'roundcube_sessid'); ini_set('session.use_cookies', 1); +ini_set('session.only_use_cookies', 1); ini_set('session.gc_maxlifetime', 21600); ini_set('session.gc_divisor', 500); ini_set('error_reporting', E_ALL&~E_NOTICE); diff --git a/program/include/rcmail.php b/program/include/rcmail.php index 10395b095..33bc38b4b 100644 --- a/program/include/rcmail.php +++ b/program/include/rcmail.php @@ -728,9 +728,7 @@ class rcmail if (!$valid || ($_SERVER['REQUEST_METHOD']!='POST' && $now - $_SESSION['auth_time'] > 300)) { $_SESSION['last_auth'] = $_SESSION['auth_time']; $_SESSION['auth_time'] = $now; - $cookie = session_get_cookie_params(); - setcookie('sessauth', $this->get_auth_hash(session_id(), $now), 0, $cookie['path'], - $cookie['domain'], $_SERVER['HTTPS'] && ($_SERVER['HTTPS']!='off')); + rcmail::setcookie('sessauth', $this->get_auth_hash(session_id(), $now), 0); } } else { @@ -753,7 +751,7 @@ class rcmail public function kill_session() { $_SESSION = array('language' => $this->user->language, 'auth_time' => time(), 'temp' => true); - setcookie('sessauth', '-del-', time() - 60); + rcmail::setcookie('sessauth', '-del-', time() - 60); $this->user->reset(); } @@ -911,6 +909,21 @@ class rcmail } return $url; } + + + /** + * Helper method to set a cookie with the current path and host settings + * + * @param string Cookie name + * @param string Cookie value + * @param string Expiration time + */ + public static function setcookie($name, $value, $exp = 0) + { + $cookie = session_get_cookie_params(); + setcookie($name, $value, $exp, $cookie['path'], $cookie['domain'], + ($_SERVER['HTTPS'] && ($_SERVER['HTTPS'] != 'off'))); + } } diff --git a/program/include/session.inc b/program/include/session.inc index ad66f0c40..f9b7f86a4 100644 --- a/program/include/session.inc +++ b/program/include/session.inc @@ -183,9 +183,7 @@ function rcube_sess_regenerate_id() $cookie = session_get_cookie_params(); $lifetime = $cookie['lifetime'] ? time() + $cookie['lifetime'] : 0; - setcookie(session_name(), '', time() - 3600); - setcookie(session_name(), $random, $lifetime, $cookie['path'], $cookie['domain'], - $_SERVER['HTTPS'] && ($_SERVER['HTTPS']!='off')); + rcmail::setcookie(session_name(), $random, $lifetime); return true; } |