From c3d4275eae0b920a3d25a2d3ec57117693c37fc5 Mon Sep 17 00:00:00 2001 From: pdontthink Date: Wed, 6 Apr 2016 05:33:06 +0000 Subject: [PATCH] Per comments in the commit - setting the session cookie over and over can be troublesome, but doing the obvious and defaulting to *replace* cookies causes logins to fail due to something I don't care to debug - session cookie is complex through all the pages involved in a login request - instead we use a simple static cache to prevent useless duplicate cookie headers git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14552 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- functions/global.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/functions/global.php b/functions/global.php index 68e6e70b..1883494a 100644 --- a/functions/global.php +++ b/functions/global.php @@ -589,6 +589,21 @@ function sqsession_start() { function sqsetcookie($sName, $sValue='deleted', $iExpire=0, $sPath="", $sDomain="", $bSecure=false, $bHttpOnly=true, $bReplace=false) { + // some environments can get overwhelmed by an excessive + // setting of the same cookie over and over (e.g., many + // calls to this function via sqsession_is_active() result + // in repeated setting of the session cookie when $bReplace + // is FALSE, but something odd happens (during login only) + // if we change that to default TRUE) ... so we keep our own + // naive per-request name/value cache and only set the cookie + // if its value is changing (or never seen before) + static $cookies = array(); + if (isset($cookies[$sName]) && $cookies[$sName] === $sValue) + return; + else + $cookies[$sName] = $sValue; + + // if we have a secure connection then limit the cookies to https only. global $is_secure_connection; if ($sName && $is_secure_connection) -- 2.25.1