From 58154f59fc16322598e3a01937fbffdb97cdf62b Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Mon, 30 Apr 2012 21:04:53 +0000
Subject: Accept two past time slots for auth cookie validation; don't encode
 user-agent into session auth hash (#1488449)

---
 program/include/rcube.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'program/include/rcube.php')

diff --git a/program/include/rcube.php b/program/include/rcube.php
index 55dc4ee77..8bd9b76be 100644
--- a/program/include/rcube.php
+++ b/program/include/rcube.php
@@ -476,7 +476,7 @@ class rcube
             $this->session->set_keep_alive($keep_alive);
         }
 
-        $this->session->set_secret($this->config->get('des_key') . $_SERVER['HTTP_USER_AGENT']);
+        $this->session->set_secret($this->config->get('des_key') . dirname($_SERVER['SCRIPT_NAME']));
         $this->session->set_ip_check($this->config->get('ip_check'));
     }
 
-- 
cgit v1.2.3