session_save_session(FALSE) [#234920]

Hi,

I was just doing a general security review and saw this: http://drupal.org/node/218104

It says that modules should implement session_save_session(FALSE); before "impersonating another user" and session_save_session(TRUE); after returning to the original user. Should mailhandler implement this in the mailhandler_retrieve function?

Best,
Chad

Comments

Comment #1

moshe weitzman commented 2 May 2008 at 17:32

Status:

Active

» Fixed

committed. thx.

Comment #2

Anonymous (not verified) commented 16 May 2008 at 17:41

Status:

Fixed

» Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.

session_save_session(FALSE)

Comments

Comment #1

Comment #2

News items

Our community

Documentation

Drupal code base

Governance of community