Write session name to file in cmsimple/ folder

[cmb69]

Some complex scripts can't be embedded into CMSimple_XH (at least not without considerable effort), but they still can be useful. Hitherto, information could be passed to such "stand-alone" scripts easily via the session. This is unfortunately not easy anymore, since 33eaffe introduced named session, and the "stand-alone" script has no easy way to deduce the session name (especially, as this might change in a future version).

Therefore I suggest to store the name of the session in cmsimple/.sessionname, so a "stand-alone" script could read the file, set the session name accordingly and start the session.

[cmb69]

I suggest to merge PR #219.

[manu37]

I'm unsure if this is a security leak, but your sure know @cmb69.

[cmb69]

I'm unsure if this is a security leak, […]

Before introducing the named sessions the session name always has been PHPSESSID. Using named sessions isn't supposed to improve security (but rather to separate the sessions of multiple installations), so there's no issue. Furthermore, in most cases the session name can be easily inferred from the URL (basically it's "XH" + CMSIMPLE_ROOT). Thirdly, direct access to cmsimple/ shouldn't be possible; the info in cmsimple/config.php would be more interesting for an attacker than the name of the session.