/src/redirect.php

Description

Prevents users from reposting their form data after a successful logout.

Derived from webmail.php by Ralf Kraudelt <kraude@wiwi.uni-rostock.de>

Includes
require_once (SM_PATH.'functions/strings.php') (line 26)
require_once (SM_PATH.'functions/global.php') (line 24)
require_once (SM_PATH.'functions/i18n.php') (line 25)
require_once (SM_PATH.'functions/prefs.php') (line 27)
require_once (SM_PATH.'functions/plugin.php') (line 29)
require_once (SM_PATH.'functions/constants.php') (line 30)
require_once (SM_PATH.'functions/page_header.php') (line 31)
require_once (SM_PATH.'functions/imap.php') (line 28)
Functions
attachment_common_parse (line 198)

Regenerate session id to make sure that authenticated session uses different ID than one used before user authenticated. This is a countermeasure against session fixation attacks.

NB: session_regenerate_id() was added in PHP 4.3.2 (and new session cookie is only sent out in this call as of PHP 4.3.3), but PHP 4 is not vulnerable to session fixation problems in SquirrelMail because it prioritizes $base_uri subdirectory cookies differently than PHP 5, which is otherwise vulnerable. If we really want to, we could define our own session_regenerate_id() when one does not exist, but there seems to be no reason to do so.

void attachment_common_parse ( $str)
  • $str

Documentation generated on Sat, 01 Nov 2014 04:21:43 +0100 by phpDocumentor 1.4.3