Hi,
Yes you are totally right, actually my idea is to simplify the code and fix the error problem we are all having. Besides, if I want the session to expire after 3 hours, it has to expire after 3 hours, not later, not before. Thats what I think, and thats what I actually want. In my opinion, 3 hours its fair enough to compose a main, or whatever you decide as "session expiring time".
I can retouch the code so the session wont expire till you close the window. But here is the thing that I cannot understand yet:
1. $SESS_CHANGED in index.php: where do they define this var?, I cant find this var being defined in main.inc. I don't know they value of this var.
2.
// renew auth cookie every 5 minutes (only for GET requests)
if (!$valid || ($_SERVER['REQUEST_METHOD']!='POST' && $now-$_SESSION['auth_time'] > 300))
{
$_SESSION['auth_time'] = $now;
setcookie('sessauth', rcmail_auth_hash(session_id(), $now));
}
$valid contains true or false based in the result of the function rcmail_auth_hash() compared to the value of $_COOKIE['sessauth']. If the values match (IP correct, session active, and other stuff), $valid=true, else, $valid=false. So, why do they reset the cookie if $valid=false? It should be something like:
// renew auth cookie every 5 minutes (only for GET requests)
if ($valid || ($_SERVER['REQUEST_METHOD']!='POST' && $now-$_SESSION['auth_time'] > 300))
{
$_SESSION['auth_time'] = $now;
setcookie('sessauth', rcmail_auth_hash(session_id(), $now));
}
So I reset the cookie if the validation of the hash is correct.
Please help me find the $SESS_CHANGED var so we can figure out the entire thing.