Imported Debian patch 0.5.2+dfsg-1

[roundcube.git] / program / include / rcube_session.php

diff --git a/program/include/rcube_session.php b/program/include/rcube_session.php
index 4137b3714e47783e9cc8a0f33775c2aad43118b5..0bae4a7116f10908258ed7d5649028dffe305d11 100644 (file)
--- a/program/include/rcube_session.php
+++ b/program/include/rcube_session.php
@@ -154,6 +154,8 @@ class rcube_session
       sprintf("DELETE FROM %s WHERE sess_id = ?", get_table_name('session')),
       $key);
 
+    if ($key == $this->key)
+        $this->vars = false;
     return true;
   }
 
@@ -181,27 +183,12 @@ class rcube_session
   }
 
 
-  public function regenerate_id()
+  public function regenerate_id($destroy=true)
   {
-    $randval = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
-
-    for ($random = '', $i=1; $i <= 32; $i++) {
-      $random .= substr($randval, mt_rand(0,(strlen($randval) - 1)), 1);
-    }
-
-    // use md5 value for id or remove capitals from string $randval
-    $random = md5($random);
-
-    // delete old session record
-    $this->destroy(session_id());
-
-    session_id($random);
-
-    $cookie   = session_get_cookie_params();
-    $lifetime = $cookie['lifetime'] ? time() + $cookie['lifetime'] : 0;
-
-    rcmail::setcookie(session_name(), $random, $lifetime);
+    session_regenerate_id($destroy);
 
+    $this->vars = false;
+    $this->key  = session_id();
     return true;
   }