From a39f08991e6530aafd9cb1fc84c11ecec0f0a878 Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Fri, 2 Aug 2013 17:01:04 -0500
Subject: [PATCH] Use a non-standard session cookie name

Which will help against clobbering session cookies against other PHP
applications shared on a parent domain of the domain hosting osTicket or in
a parent folder or virtual folder.
---
 include/class.config.php     | 5 ++---
 include/class.ostsession.php | 2 +-
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/include/class.config.php b/include/class.config.php
index 0a458764f..126c96c90 100644
--- a/include/class.config.php
+++ b/include/class.config.php
@@ -66,11 +66,10 @@ class Config {
             return $this->session[$key];
         elseif (isset($this->config[$key]))
             return $this->config[$key]['value'];
-        elseif ($default !== null)
-            return $this->set($key, $default);
         elseif (isset($this->defaults[$key]))
             return $this->defaults[$key];
-        return null;
+
+        return $default;
     }
 
     function exists($key) {
diff --git a/include/class.ostsession.php b/include/class.ostsession.php
index 1bcea436b..7541e19ec 100644
--- a/include/class.ostsession.php
+++ b/include/class.ostsession.php
@@ -21,7 +21,6 @@ class osTicketSession {
     var $id = '';
 
     function osTicketSession($ttl=0){
-
         $this->ttl =$ttl?$ttl:get_cfg_var('session.gc_maxlifetime');
         if(!$this->ttl)
             $this->ttl=SESSION_TTL;
@@ -40,6 +39,7 @@ class osTicketSession {
             register_shutdown_function('session_write_close');
         }
         //Start the session.
+        session_name('OSTSESSID');
         session_start();
     }
 
-- 
GitLab