From 281c3d5b16b0e6031a2175c96e74e07371e87a6e Mon Sep 17 00:00:00 2001 From: jangliss Date: Sat, 14 Dec 2002 06:28:03 +0000 Subject: [PATCH] Sync'ing global.php with stable to fix multi-session merges, and also start a session when trying to set a value to it vai $_SESSION. git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@4271 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- functions/global.php | 62 +++++++++++++++++++++++++++++++------------- 1 file changed, 44 insertions(+), 18 deletions(-) diff --git a/functions/global.php b/functions/global.php index a2b146ff..bf32b295 100644 --- a/functions/global.php +++ b/functions/global.php @@ -79,6 +79,9 @@ function sqstripslashes(&$array) { } function sqsession_register ($var, $name) { + + sqsession_is_active(); + if ( !check_php_version(4,1) ) { global $HTTP_SESSION_VARS; $HTTP_SESSION_VARS[$name] = $var; @@ -90,6 +93,9 @@ function sqsession_register ($var, $name) { } function sqsession_unregister ($name) { + + sqsession_is_active(); + if ( !check_php_version(4,1) ) { global $HTTP_SESSION_VARS; unset($HTTP_SESSION_VARS[$name]); @@ -139,29 +145,49 @@ function sqextractGlobalVar ($name) { } function sqsession_destroy() { - global $base_uri; - /* start session to be able to destroy it later */ - session_start(); + /* + * php.net says we can kill the cookie by setting just the name: + * http://www.php.net/manual/en/function.setcookie.php + * maybe this will help fix the session merging again. + * + * Changed the theory on this to kill the cookies first starting + * a new session will provide a new session for all instances of + * the browser, we don't want that, as that is what is causing the + * merging of sessions. + */ - if ( !check_php_version(4,1) ) { - global $HTTP_SESSION_VARS; - $HTTP_SESSION_VARS = array(); - } - else { - $_SESSION = array(); + setcookie(session_name()); + setcookie('username'); + setcookie('key'); + + $sessid = session_id(); + if (!empty( $sessid )) { + if ( !check_php_version(4,1) ) { + global $HTTP_SESSION_VARS; + $HTTP_SESSION_VARS = array(); + } else { + $_SESSION = array(); + } + @session_destroy; } - /* - * now reset cookies to 5 seconds ago to delete from browser - */ +} - @session_destroy(); - $cookie_params = session_get_cookie_params(); - setcookie(session_name(), '', time() - 5, $cookie_params['path'], - $cookie_params['domain']); - setcookie('username', '', time() - 5, $base_uri); - setcookie('key', '', time() - 5 , $base_uri); +/* + * Function to verify a session has been started. If it hasn't + * start a session up. php.net doesn't tell you that $_SESSION + * (even though autoglobal), is not created unless a session is + * started, unlike $_POST, $_GET and such + */ + +function sqsession_is_active() { + + $sessid = session_id(); + if ( empty( $sessid ) ) { + session_start(); + } } + ?> -- 2.25.1