summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorthomascube <thomas@roundcube.net>2008-09-25 13:30:18 +0000
committerthomascube <thomas@roundcube.net>2008-09-25 13:30:18 +0000
commitcefd1d8c913aa81ddce83e9de7f5bfb22aa4b2d9 (patch)
tree695d794292a1468ddfdfb3812f2be408c43c0017
parentcc4b36b143fbcdaa1895a732c54eb19a55b953cf (diff)
DRY: set (secure) cookies using rcmail::setcookie() + set session.only_use_cookies
Diffstat
-rwxr-xr-xprogram/include/iniset.php1
-rw-r--r--program/include/rcmail.php21
-rw-r--r--program/include/session.inc4
3 files changed, 19 insertions, 7 deletions
diff --git a/program/include/iniset.php b/program/include/iniset.php
index 20fe27996..5ef5b7db7 100755
--- a/program/include/iniset.php
+++ b/program/include/iniset.php
@@ -52,6 +52,7 @@ if (set_include_path($include_path) === false) {
ini_set('session.name', 'roundcube_sessid');
ini_set('session.use_cookies', 1);
+ini_set('session.only_use_cookies', 1);
ini_set('session.gc_maxlifetime', 21600);
ini_set('session.gc_divisor', 500);
ini_set('error_reporting', E_ALL&~E_NOTICE);
diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index 10395b095..33bc38b4b 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -728,9 +728,7 @@ class rcmail
if (!$valid || ($_SERVER['REQUEST_METHOD']!='POST' && $now - $_SESSION['auth_time'] > 300)) {
$_SESSION['last_auth'] = $_SESSION['auth_time'];
$_SESSION['auth_time'] = $now;
- $cookie = session_get_cookie_params();
- setcookie('sessauth', $this->get_auth_hash(session_id(), $now), 0, $cookie['path'],
- $cookie['domain'], $_SERVER['HTTPS'] && ($_SERVER['HTTPS']!='off'));
+ rcmail::setcookie('sessauth', $this->get_auth_hash(session_id(), $now), 0);
}
}
else {
@@ -753,7 +751,7 @@ class rcmail
public function kill_session()
{
$_SESSION = array('language' => $this->user->language, 'auth_time' => time(), 'temp' => true);
- setcookie('sessauth', '-del-', time() - 60);
+ rcmail::setcookie('sessauth', '-del-', time() - 60);
$this->user->reset();
}
@@ -911,6 +909,21 @@ class rcmail
}
return $url;
}
+
+
+ /**
+ * Helper method to set a cookie with the current path and host settings
+ *
+ * @param string Cookie name
+ * @param string Cookie value
+ * @param string Expiration time
+ */
+ public static function setcookie($name, $value, $exp = 0)
+ {
+ $cookie = session_get_cookie_params();
+ setcookie($name, $value, $exp, $cookie['path'], $cookie['domain'],
+ ($_SERVER['HTTPS'] && ($_SERVER['HTTPS'] != 'off')));
+ }
}
diff --git a/program/include/session.inc b/program/include/session.inc
index ad66f0c40..f9b7f86a4 100644
--- a/program/include/session.inc
+++ b/program/include/session.inc
@@ -183,9 +183,7 @@ function rcube_sess_regenerate_id()
$cookie = session_get_cookie_params();
$lifetime = $cookie['lifetime'] ? time() + $cookie['lifetime'] : 0;
- setcookie(session_name(), '', time() - 3600);
- setcookie(session_name(), $random, $lifetime, $cookie['path'], $cookie['domain'],
- $_SERVER['HTTPS'] && ($_SERVER['HTTPS']!='off'));
+ rcmail::setcookie(session_name(), $random, $lifetime);
return true;
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-08 14:11:02 +0000