From bc3acc5a08b71cd6c73daff3e3a524f76223be4e Mon Sep 17 00:00:00 2001
From: pdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Date: Fri, 2 Nov 2007 18:51:38 +0000
Subject: [PATCH] Allow custom session handlers to work correctly (and be
 defined at the application level with SquirrelMail) -- TODO: Cannot forget to
 add info about this to the docs!

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@12756 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 ChangeLog        |  2 ++
 include/init.php | 45 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index c093b6ee..8d1a77bc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -227,6 +227,8 @@ Version 1.5.2 - SVN
     etc. (#1818398).
   - PAGE_NAME might not be defined in all plugins, which might cause a
     "not defined" error on session timeouts.
+  - Allow custom session handlers to work correctly (and be defined at the
+    application level with SquirrelMail).
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------
diff --git a/include/init.php b/include/init.php
index 1f107726..d677942d 100644
--- a/include/init.php
+++ b/include/init.php
@@ -251,6 +251,51 @@ if (PAGE_NAME == 'login') {
     if (!empty($_SESSION))
         $_SESSION = array();
 
+    /**
+     * Allow administrators to define custom session handlers
+     * for SquirrelMail without needing to change anything in
+     * php.ini (application-level).
+     *
+     * In config_local.php, admin needs to put:
+     *
+     *     $custom_session_handlers = array(
+     *         'my_open_handler',
+     *         'my_close_handler',
+     *         'my_read_handler',
+     *         'my_write_handler',
+     *         'my_destroy_handler',
+     *         'my_gc_handler',
+     *     );
+     *     session_module_name('user');
+     *     session_set_save_handler(
+     *         $custom_session_handlers[0],
+     *         $custom_session_handlers[1],
+     *         $custom_session_handlers[2],
+     *         $custom_session_handlers[3],
+     *         $custom_session_handlers[4],
+     *         $custom_session_handlers[5]
+     *     );
+     *
+     * We need to replicate that code once here because PHP has
+     * long had a bug that resets the session handler mechanism
+     * when the session data is also destroyed.  Because of this
+     * bug, even administrators who define custom session handlers
+     * via a PHP pre-load defined in php.ini (auto_prepend_file)
+     * will still need to define the $custom_session_handlers array
+     * in config_local.php.
+     */
+    global $custom_session_handlers;
+    if (!empty($custom_session_handlers)) {
+        $open    = $custom_session_handlers[0];
+        $close   = $custom_session_handlers[1];
+        $read    = $custom_session_handlers[2];
+        $write   = $custom_session_handlers[3];
+        $destroy = $custom_session_handlers[4];
+        $gc      = $custom_session_handlers[5];
+        session_module_name('user');
+        session_set_save_handler($open, $close, $read, $write, $destroy, $gc);
+    }
+
     sqsession_is_active();
     session_regenerate_id();
 
-- 
2.25.1