Allow custom session handlers to work correctly (and be defined at the application...
authorpdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Fri, 2 Nov 2007 18:51:38 +0000 (18:51 +0000)
committerpdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Fri, 2 Nov 2007 18:51:38 +0000 (18:51 +0000)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@12756 7612ce4b-ef26-0410-bec9-ea0150e637f0

ChangeLog
include/init.php

index c093b6ee5f05631a46acd3ffe71d9043ab872f14..8d1a77bc269c9547cdca344d5f3adc5a722aca04 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -227,6 +227,8 @@ Version 1.5.2 - SVN
     etc. (#1818398).
   - PAGE_NAME might not be defined in all plugins, which might cause a
     "not defined" error on session timeouts.
+  - Allow custom session handlers to work correctly (and be defined at the
+    application level with SquirrelMail).
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------
index 1f107726737d51243249fd7bab86f1a072ebe99f..d677942d77d4e95127f5e8cee9d2f04b6c94fd01 100644 (file)
@@ -251,6 +251,51 @@ if (PAGE_NAME == 'login') {
     if (!empty($_SESSION))
         $_SESSION = array();
 
+    /**
+     * Allow administrators to define custom session handlers
+     * for SquirrelMail without needing to change anything in
+     * php.ini (application-level).
+     *
+     * In config_local.php, admin needs to put:
+     *
+     *     $custom_session_handlers = array(
+     *         'my_open_handler',
+     *         'my_close_handler',
+     *         'my_read_handler',
+     *         'my_write_handler',
+     *         'my_destroy_handler',
+     *         'my_gc_handler',
+     *     );
+     *     session_module_name('user');
+     *     session_set_save_handler(
+     *         $custom_session_handlers[0],
+     *         $custom_session_handlers[1],
+     *         $custom_session_handlers[2],
+     *         $custom_session_handlers[3],
+     *         $custom_session_handlers[4],
+     *         $custom_session_handlers[5]
+     *     );
+     *
+     * We need to replicate that code once here because PHP has
+     * long had a bug that resets the session handler mechanism
+     * when the session data is also destroyed.  Because of this
+     * bug, even administrators who define custom session handlers
+     * via a PHP pre-load defined in php.ini (auto_prepend_file)
+     * will still need to define the $custom_session_handlers array
+     * in config_local.php.
+     */
+    global $custom_session_handlers;
+    if (!empty($custom_session_handlers)) {
+        $open    = $custom_session_handlers[0];
+        $close   = $custom_session_handlers[1];
+        $read    = $custom_session_handlers[2];
+        $write   = $custom_session_handlers[3];
+        $destroy = $custom_session_handlers[4];
+        $gc      = $custom_session_handlers[5];
+        session_module_name('user');
+        session_set_save_handler($open, $close, $read, $write, $destroy, $gc);
+    }
+
     sqsession_is_active();
     session_regenerate_id();