3 files changed, 15 insertions, 0 deletions

diff --git a/program/include/rcube.php b/program/include/rcube.php
index 84014ef5c..0e40b3c6b 100644
--- a/program/include/rcube.php
+++ b/program/include/rcube.php
@@ -405,12 +405,17 @@ class rcube
 
         $sess_name   = $this->config->get('session_name');
         $sess_domain = $this->config->get('session_domain');
+        $sess_path   = $this->config->get('session_path');
         $lifetime    = $this->config->get('session_lifetime', 0) * 60;
 
         // set session domain
         if ($sess_domain) {
             ini_set('session.cookie_domain', $sess_domain);
         }
+        // set session path
+        if ($sess_path) {
+            ini_set('session.cookie_path', $sess_path);
+        }
         // set session garbage collecting time according to session_lifetime
         if ($lifetime) {
             ini_set('session.gc_maxlifetime', $lifetime * 2);
diff --git a/program/include/rcube_output_html.php b/program/include/rcube_output_html.php
index 0a8f0e364..a071ee354 100644
--- a/program/include/rcube_output_html.php
+++ b/program/include/rcube_output_html.php
@@ -67,6 +67,11 @@ class rcube_output_html extends rcube_output
         $this->set_env('task', $task);
         $this->set_env('x_frame_options', $this->config->get('x_frame_options', 'sameorigin'));
 
+        // add cookie info
+        $this->set_env('cookie_domain', ini_get('session.cookie_domain'));
+        $this->set_env('cookie_path', ini_get('session.cookie_path'));
+        $this->set_env('cookie_secure', ini_get('session.cookie_secure'));
+
         // load the correct skin (in case user-defined)
         $skin = $this->config->get('skin');
         $this->set_skin($skin);
diff --git a/program/include/rcube_utils.php b/program/include/rcube_utils.php
index d1a8315ec..9f18b79c4 100644
--- a/program/include/rcube_utils.php
+++ b/program/include/rcube_utils.php
@@ -110,6 +110,11 @@ class rcube_utils
                 }
             }
 
+            // last domain part
+            if (preg_match('/[^a-zA-Z]/', array_pop($domain_array))) {
+                return false;
+            }
+
             $rcube = rcube::get_instance();
 
             if (!$dns_check || !$rcube->config->get('email_dns_check')) {