From: jangliss <jangliss@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Date: Sat, 14 Dec 2002 06:28:03 +0000 (+0000)
Subject: Sync'ing global.php with stable to fix multi-session merges, and also
X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=commitdiff_plain;h=281c3d5b16b0e6031a2175c96e74e07371e87a6e;ds=sidebyside

Sync'ing global.php with stable to fix multi-session merges, and also
start a session when trying to set a value to it vai $_SESSION.


git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@4271 7612ce4b-ef26-0410-bec9-ea0150e637f0
---

diff --git a/functions/global.php b/functions/global.php
index a2b146ff..bf32b295 100644
--- a/functions/global.php
+++ b/functions/global.php
@@ -79,6 +79,9 @@ function sqstripslashes(&$array) {
 }
 
 function sqsession_register ($var, $name) {
+
+    sqsession_is_active();
+
     if ( !check_php_version(4,1) ) {
         global $HTTP_SESSION_VARS;
         $HTTP_SESSION_VARS[$name] = $var;
@@ -90,6 +93,9 @@ function sqsession_register ($var, $name) {
 }
 
 function sqsession_unregister ($name) {
+
+    sqsession_is_active();
+
     if ( !check_php_version(4,1) ) {
         global $HTTP_SESSION_VARS;
         unset($HTTP_SESSION_VARS[$name]);
@@ -139,29 +145,49 @@ function sqextractGlobalVar ($name) {
 }
 
 function sqsession_destroy() {
-    global $base_uri;
 
-    /* start session to be able to destroy it later */
-    session_start();	
+    /*
+     * php.net says we can kill the cookie by setting just the name:
+     * http://www.php.net/manual/en/function.setcookie.php
+     * maybe this will help fix the session merging again.
+     *
+     * Changed the theory on this to kill the cookies first starting
+     * a new session will provide a new session for all instances of
+     * the browser, we don't want that, as that is what is causing the
+     * merging of sessions.
+     */
 
-    if ( !check_php_version(4,1) ) {
-        global $HTTP_SESSION_VARS;
-        $HTTP_SESSION_VARS = array();
-    }
-    else {		
-        $_SESSION = array();
+    setcookie(session_name());
+    setcookie('username');
+    setcookie('key');
+
+    $sessid = session_id();
+    if (!empty( $sessid )) {
+        if ( !check_php_version(4,1) ) {
+            global $HTTP_SESSION_VARS;
+            $HTTP_SESSION_VARS = array();
+        } else {
+            $_SESSION = array();
+        }
+        @session_destroy;
     }
 
-    /*
-     * now reset cookies to 5 seconds ago to delete from browser
-     */
+}
 
-    @session_destroy();
-    $cookie_params = session_get_cookie_params();	
-    setcookie(session_name(), '', time() - 5, $cookie_params['path'], 
-        $cookie_params['domain']);
-    setcookie('username', '', time() - 5, $base_uri);
-    setcookie('key', '', time() - 5 , $base_uri);
+/*
+ * Function to verify a session has been started.  If it hasn't
+ * start a session up.  php.net doesn't tell you that $_SESSION
+ * (even though autoglobal), is not created unless a session is
+ * started, unlike $_POST, $_GET and such
+ */
+
+function sqsession_is_active() {
+
+    $sessid = session_id();
+    if ( empty( $sessid ) ) {
+        session_start();
+    }
 }
 
+
 ?>