"adding path (EGW_SERVER_ROOT) to hash for basic auth pseudo sesion id

(otherwise different installs in different pathes using identical credentials would share the session, which is no good idea)"
This commit is contained in:
Ralf Becker 2009-04-30 07:36:23 +00:00
parent a4e67abeff
commit 1af0e3b409

View File

@ -740,7 +740,7 @@ class egw_session
in_array(basename($_SERVER['SCRIPT_NAME']),array('webdav.php','groupdav.php'))) in_array(basename($_SERVER['SCRIPT_NAME']),array('webdav.php','groupdav.php')))
{ {
// we generate a pseudo-sessionid from the basic auth credentials // we generate a pseudo-sessionid from the basic auth credentials
$sessionid = md5($_SERVER['PHP_AUTH_USER'].':'.$_SERVER['PHP_AUTH_PW'].':'.$_SERVER['HTTP_HOST']); $sessionid = md5($_SERVER['PHP_AUTH_USER'].':'.$_SERVER['PHP_AUTH_PW'].':'.$_SERVER['HTTP_HOST'].':'.EGW_SERVER_ROOT);
} }
elseif(!$only_basic_auth && isset($_REQUEST[self::EGW_SESSION_NAME])) elseif(!$only_basic_auth && isset($_REQUEST[self::EGW_SESSION_NAME]))
{ {