From 9e8d8e4a06fda84d0c1c295890478daee3a67dd2 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Tue, 08 May 2012 06:05:27 -0400
Subject: [PATCH] Accept two past time slots for auth cookie validation; don't encode user-agent into session auth hash (#1488449)

---
 program/include/rcmail.php |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index eec3dd2..8988bdc 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -802,7 +802,7 @@
       $this->session->set_keep_alive($keep_alive);
     }
 
-    $this->session->set_secret($this->config->get('des_key') . $_SERVER['HTTP_USER_AGENT']);
+    $this->session->set_secret($this->config->get('des_key') . dirname($_SERVER['SCRIPT_NAME']));
     $this->session->set_ip_check($this->config->get('ip_check'));
   }
 

--
Gitblit v1.9.1