* It also has some session register functions that work across various
* php versions.
*
- * @copyright © 1999-2006 The SquirrelMail Project Team
+ * @copyright © 1999-2007 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
sqsession_is_active();
- $_SESSION["$name"] = $var;
-
- session_register("$name");
+ $_SESSION[$name] = $var;
}
/**
// session_starts sets the sessionid cookie buth without the httponly var
// setting the cookie again sets the httponly cookie attribute
-
- sqsetcookie(session_name(),session_id(),false,$base_uri);
+ sqsetcookie(session_name(),$session_id,false,$base_uri);
}
* @param boolean $bHttpOnly Disallow JS to access the cookie (IE6 only)
* @return void
*/
-function sqsetcookie($sName,$sValue="",$iExpire=0,$sPath="",$sDomain="",$bSecure=false,$bHttpOnly=true) {
+function sqsetcookie($sName,$sValue="deleted",$iExpire=0,$sPath="",$sDomain="",$bSecure=false,$bHttpOnly=true) {
// if we have a secure connection then limit the cookies to https only.
if ($sName && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']) {
$bSecure = true;
}
+
+ // admin config can override the restriction of secure-only cookies
+ global $only_secure_cookies;
+ if (!$only_secure_cookies)
+ $bSecure = false;
+
if (false && check_php_version(5,2)) {
// php 5 supports the httponly attribute in setcookie, but because setcookie seems a bit
// broken we use the header function for php 5.2 as well. We might change that later.
$Port = strpos($Domain, ':');
if ($Port !== false) $Domain = substr($Domain, 0, $Port);
}
-
+ if (!$sValue) $sValue = 'deleted';
header('Set-Cookie: ' . rawurlencode($sName) . '=' . rawurlencode($sValue)
. (empty($iExpires) ? '' : '; expires=' . gmdate('D, d-M-Y H:i:s', $iExpires) . ' GMT')
. (empty($sPath) ? '' : '; path=' . $sPath)