From 003ba6f46b84bd81cccce3f66d698c648b2bae22 Mon Sep 17 00:00:00 2001
From: "Fedor A. Fetisov"
Date: Sat, 14 Sep 2013 15:58:57 +0400
Subject: [PATCH] Make session cookie more secure
---
 src/messenger/webim/libs/common.php | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/messenger/webim/libs/common.php b/src/messenger/webim/libs/common.php
index 6e653b34..b9577b94 100644
--- a/src/messenger/webim/libs/common.php
+++ b/src/messenger/webim/libs/common.php
@@ -15,11 +15,8 @@
 * limitations under the License.
 */
+// Prevent Mibew from access to files outside the installation
 @ini_set('open_basedir', dirname(__FILE__) . '/../');
-@ini_set('session.cookie_httponly', TRUE);
-if (is_secure_request()) {
- @ini_set('session.cookie_secure', TRUE);
-}
 require_once(dirname(__FILE__) . '/converter.php');
 require_once(dirname(__FILE__) . '/config.php');
@@ -37,6 +34,14 @@ $home_locale = locale_pattern_check($home_locale) && locale_exists($home_locale)
 $version = '1.6.5';
 $jsver = "165";
+// Make session cookie more secure
+@ini_set('session.cookie_httponly', TRUE);
+if (is_secure_request()) {
+ @ini_set('session.cookie_secure', TRUE);
+}
+@ini_set('session.cookie_path', "$webimroot/");
+@ini_set('session.name', 'MibewSessionID');
+
 session_start();
 function myiconv($in_enc, $out_enc, $string)
@@ -843,7 +848,7 @@ function sanitize_reg_escape($string)
 function safe_htmlspecialchars($string)
 {
- return htmlspecialchars($string, ENT_QUOTES);
+ return htmlspecialchars($string, ENT_QUOTES);
 }
 ?>
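Review bot: The four `@ini_set` calls added before `session_start()` in the second hunk discard both the warning and the return value, so if one fails (for example because a session is already active through `session.auto_start`, or the host disables `ini_set`) the cookie is issued without the intended flags and nothing records it. Consider testing for a strict `false`, e.g. `if (@ini_set('session.cookie_httponly', TRUE) === false) { /* log: session cookie hardening not applied */ }`, or reading the effective values back with `session_get_cookie_params()` after `session_start()`. The Secure flag also depends on `is_secure_request()`, which is defined outside this hunk; if it only inspects the local connection, deployments behind a TLS-terminating proxy would presumably not get the flag, which is worth confirming. A short comment next to `session.cookie_path` noting that the path limits where the cookie is sent but is not an isolation boundary against other applications on the same origin would also help the next reader.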