From 996a62c5f16b20d5eb577ea0fb2293d359ab932c Mon Sep 17 00:00:00 2001
From: Savetheinternet <savetheinternet@n0v4.com>
Date: Wed, 1 Dec 2010 16:42:48 +1100
Subject: [PATCH] JAIL_COOKIES config directive.

---
 inc/config.php |  4 +++-
 inc/user.php   | 13 ++++++++++---
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/inc/config.php b/inc/config.php
index 2cd3b71d..9dea8ad7 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -17,12 +17,14 @@
 
 	// The name of the session cookie (PHP's $_SESSION)
 	define('SESS_COOKIE',	'imgboard', true);
-
+	
 	// Used to safely determine when the user was first seen, to prevent floods.
 	// time()
 	define('TIME_COOKIE',	'arrived', true);
 	// HASH_COOKIE contains an MD5 hash of TIME_COOKIE+SALT for verification.
 	define('HASH_COOKIE',	'hash', true);
+	// Where to set the 'path' parameter to ROOT when creating cookies. Recommended.
+	define('JAIL_COOKIES',	true,	true);
 
 	// How long should the cookies last (in seconds)
 	define('COOKIE_EXPIRE',	15778463, true); //6 months
diff --git a/inc/user.php b/inc/user.php
index 1dad35f9..0b9af643 100644
--- a/inc/user.php
+++ b/inc/user.php
@@ -1,14 +1,21 @@
 <?php
 	
+	// Set the session name.
 	session_name(SESS_COOKIE);
-	session_start();
 	
+	// Set session parameters
+	session_set_cookie_params(0, JAIL_COOKIES?ROOT:'/');
+	
+	// Start the session
+	session_start(COOKIE_EXPIRE);
+	
+	// Session creation time
 	if(!isset($_SESSION['created'])) $_SESSION['created'] = time();
 	
 	if(!isset($_COOKIE[HASH_COOKIE]) || !isset($_COOKIE[TIME_COOKIE]) || $_COOKIE[HASH_COOKIE] != md5($_COOKIE[TIME_COOKIE].SALT)) {
 		$time = time();
-		setcookie(TIME_COOKIE, $time, time()+COOKIE_EXPIRE, '/', null, false, true);
-		setcookie(HASH_COOKIE, md5(time().SALT), time()+COOKIE_EXPIRE, '/', null, false, true);
+		setcookie(TIME_COOKIE, $time, time()+COOKIE_EXPIRE, JAIL_COOKIES?ROOT:'/', null, false, true);
+		setcookie(HASH_COOKIE, md5(time().SALT), time()+COOKIE_EXPIRE, JAIL_COOKIES?ROOT:'/', null, false, true);
 		$user = Array('valid' => false, 'appeared' => $time);
 	} else {
 		$user = Array('valid' => true, 'appeared' => $_COOKIE[TIME_COOKIE]);