Version 1.48.2

Released: 2015-06-25

• Restore not finding all ca root certs fixed
• php-mail.log parsed incorrectly for evaled code fixed
• Login: Session cookie may expire early if either client or server have wrong time fixed
• Segfault on two-step auth fixed

Restore not finding all ca root certs fixed

When multiple CA Root certificates were set for a domain, the restore only reset one of them.

Fixed by rewriting the code that parses the certificates out of the textareas.

php-mail.log parsed incorrectly for evaled code fixed

Log here:

/home/user/.php/php-mail.log

is parsed and displayed on the E-Mail Usage page, to show script send counts.

When eval() is used to send email, the format changes, causing the file.php(123) which confused the parser into thinking (123) was part of the script name.

Login: Session cookie may expire early if either client or server have wrong time fixed

Relating to this recent change:

Set session expiry

It was determined that many people have server and client computer who have dates that are very inaccurate, causing login issues.

This is because DA sets the session cookie expiry to be at the same time that the session itself will end, but the client might be well ahead of the server, so the expiry happens instantly.

A workaround has been added, where DA has a multiplier variable, eg:

session_cookie_multiplier=24

where, the above will set the cookie to expire 24x the duration of the session itself.

This does not mean the session time changes, because that's also managed by DA on the server side, in the session file, so that remains unaffected.

However, the cookie will now last much longer, to accommodate any issues with time on either the server or client (cookies are managed with GMT time, so isn't a timezone issue)

As the default session timeout is 60 minutes, the 24x multiplier means a session cookie will live for 24 hours, which should be sufficient to account for any strange timezone issues.

Also, for anyone who don't want to use any expiry (back to the old method), they can now turn it off with this:

use_cookie_expires=1

by setting the value to 0 in the directadmin.conf, and restarting DA.

This will cause the cookie expiry to be omitted, meaning the duration of the cookie will be for as long as the browser is open.

Once the browser is closed, the cookie goes away.

Again, this doesn't affect the max session duration, as DA tracks that on the server side.

Related thread:

http://forum.directadmin.com/threads/51619

Segfault on two-step auth fixed

Segfault caused by missing check on the new two-step auth feature.