From bc3acc5a08b71cd6c73daff3e3a524f76223be4e Mon Sep 17 00:00:00 2001 From: pdontthink Date: Fri, 2 Nov 2007 18:51:38 +0000 Subject: [PATCH] Allow custom session handlers to work correctly (and be defined at the application level with SquirrelMail) -- TODO: Cannot forget to add info about this to the docs! git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@12756 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- ChangeLog | 2 ++ include/init.php | 45 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+) diff --git a/ChangeLog b/ChangeLog index c093b6ee..8d1a77bc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -227,6 +227,8 @@ Version 1.5.2 - SVN etc. (#1818398). - PAGE_NAME might not be defined in all plugins, which might cause a "not defined" error on session timeouts. + - Allow custom session handlers to work correctly (and be defined at the + application level with SquirrelMail). Version 1.5.1 (branched on 2006-02-12) -------------------------------------- diff --git a/include/init.php b/include/init.php index 1f107726..d677942d 100644 --- a/include/init.php +++ b/include/init.php @@ -251,6 +251,51 @@ if (PAGE_NAME == 'login') { if (!empty($_SESSION)) $_SESSION = array(); + /** + * Allow administrators to define custom session handlers + * for SquirrelMail without needing to change anything in + * php.ini (application-level). + * + * In config_local.php, admin needs to put: + * + * $custom_session_handlers = array( + * 'my_open_handler', + * 'my_close_handler', + * 'my_read_handler', + * 'my_write_handler', + * 'my_destroy_handler', + * 'my_gc_handler', + * ); + * session_module_name('user'); + * session_set_save_handler( + * $custom_session_handlers[0], + * $custom_session_handlers[1], + * $custom_session_handlers[2], + * $custom_session_handlers[3], + * $custom_session_handlers[4], + * $custom_session_handlers[5] + * ); + * + * We need to replicate that code once here because PHP has + * long had a bug that resets the session handler mechanism + * when the session data is also destroyed. Because of this + * bug, even administrators who define custom session handlers + * via a PHP pre-load defined in php.ini (auto_prepend_file) + * will still need to define the $custom_session_handlers array + * in config_local.php. + */ + global $custom_session_handlers; + if (!empty($custom_session_handlers)) { + $open = $custom_session_handlers[0]; + $close = $custom_session_handlers[1]; + $read = $custom_session_handlers[2]; + $write = $custom_session_handlers[3]; + $destroy = $custom_session_handlers[4]; + $gc = $custom_session_handlers[5]; + session_module_name('user'); + session_set_save_handler($open, $close, $read, $write, $destroy, $gc); + } + sqsession_is_active(); session_regenerate_id(); -- 2.25.1