githubFork/roundcubemail.git

			@@ -476,7 +476,7 @@
			$this->session->set_keep_alive($keep_alive);
			}

			$this->session->set_secret($this->config->get('des_key') . $_SERVER['HTTP_USER_AGENT']);
			$this->session->set_secret($this->config->get('des_key') . dirname($_SERVER['SCRIPT_NAME']));
			$this->session->set_ip_check($this->config->get('ip_check'));
			}

			@@ -43,7 +43,6 @@
			private $vars = false;
			private $key;
			private $now;
			private $prev;
			private $secret = '';
			private $ip_check = false;
			private $logging = false;
			@@ -519,7 +518,6 @@
			// valid time range is now - 1/2 lifetime to now + 1/2 lifetime
			$now = time();
			$this->now = $now - ($now % ($this->lifetime / 2));
			$this->prev = $this->now - ($this->lifetime / 2);
			}

			/**
			@@ -590,15 +588,22 @@
			$this->log("IP check failed for " . $this->key . "; expected " . $this->ip . "; got " . $_SERVER['REMOTE_ADDR']);

			if ($result && $this->_mkcookie($this->now) != $this->cookie) {
			// Check if using id from previous time slot
			if ($this->_mkcookie($this->prev) == $this->cookie) {
			$this->set_auth_cookie();
			}
			else {
			$this->log("Session auth check failed for " . $this->key . "; timeslot = " . date('Y-m-d H:i:s', $this->now));
			$result = false;
			$this->log("Session authentication failed for " . $this->key . "; invalid auth cookie sent");

			// Check if using id from a previous time slot
			for ($i = 1; $i <= 2; $i++) {
			$prev = $this->now - ($this->lifetime / 2) * $i;
			if ($this->_mkcookie($prev) == $this->cookie) {
			$this->log("Send new auth cookie for " . $this->key . ": " . $this->cookie);
			$this->set_auth_cookie();
			$result = true;
			}
			}
			}

			if (!$result)
			$this->log("Session authentication failed for " . $this->key . "; invalid auth cookie sent; timeslot = " . date('Y-m-d H:i:s', $prev));

			return $result;
			}

	program/include/rcube.php	2 ●●●●● patch \| view \| raw \| blame \| history
	program/include/rcube_session.php	21 ●●●●● patch \| view \| raw \| blame \| history