X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=INSTALL;h=06af96421fa46c57b454c42eb6c2d6c6d5746ead;hp=38605af84de6d5b8fda7577018ab3a09fbb8b5f5;hb=a167feaff3eeb532001985d30c7eeaaca4539658;hpb=9c83f905fef00de60528b7efcfc4dd3b7c4fa4ee

diff --git a/INSTALL b/INSTALL
index 38605af8..06af9642 100644
--- a/INSTALL
+++ b/INSTALL
@@ -36,19 +36,16 @@ b. Changing php.ini
   can be done at configure time with the configuration directive
   --with-config-file-path=PATH.
 
-  Squirrelmail does not use cookies as of version 0.4.  Edit the 
-  php.ini file and change session.use_cookies to 0 (false).  Also be
-  sure to change the session.save_path to someplace that can only be
-  read and written to by the webserver.  session.save_path is the
+  Edit the php.ini file and make sure session.use_cookies is 1.  Also 
+  be sure to change the session.save_path to someplace that can only 
+  be read and written to by the webserver.  session.save_path is the
   location that PHP's session data will be written to.
 
-  SECURITY WARNING - SquirrelMail saves non plaintext passwords in 
-  PHP's session data to log on to the IMAP server.  If a user has 
-  access to write PHP scripts on your system and knows the location 
-  where PHP stores session data, he could get a listing of the 
-  sessions being used and then read a given session's data with his 
-  own PHP script.  Caution should be used when setting up permissions
-  and locations of php.ini and the session data.
+  SECURITY WARNING - If a user has access to write PHP scripts on your 
+  system and knows the location where PHP stores session data, he 
+  could get a listing of the sessions being used and then read a given 
+  session's data with his own PHP script.  Caution should be used when 
+  setting up permissions and locations of php.ini and the session data.
 
 c. Setting up .php files to use PHP4