From 0d3d9b8c15843a8d10008a4f461aec54733325b8 Mon Sep 17 00:00:00 2001
From: Dennis Neufeld <info@dennis14e.de>
Date: Tue, 16 May 2017 19:46:24 +0200
Subject: [PATCH] Fix bug: Session cookie domain

If the web domain is != mail domain, the session cookie is set to the wrong domain.
---
 data/web/inc/sessions.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/web/inc/sessions.inc.php b/data/web/inc/sessions.inc.php
index 1b2c986c..f78ce532 100644
--- a/data/web/inc/sessions.inc.php
+++ b/data/web/inc/sessions.inc.php
@@ -13,7 +13,7 @@ elseif (isset($_SERVER['HTTPS'])) {
 else {
   $IS_HTTPS = false;
 }
-session_set_cookie_params($GLOBALS['SESSION_LIFETIME'], '/', $_SERVER['SERVER_NAME'], $IS_HTTPS, true);
+session_set_cookie_params($GLOBALS['SESSION_LIFETIME'], '/', '', $IS_HTTPS, true);
 session_start();
 if (!isset($_SESSION['CSRF']['TOKEN'])) {
   $_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32));