fix: Make sure to reopen session before cleaning

Otherwise restoring the requesttoken would reopen and read the existing
session data and restore it instead of clearing

Signed-off-by: Julius Härtl <jus@bitgrid.net>

diff --git a/lib/private/Session/CryptoSessionData.php b/lib/private/Session/CryptoSessionData.php
index df810d5b30c8dca091eae713afe8a944f3894b0b..1eb6987fc18f7499d974b39046f2f57b7d8b9bea 100644 (file)
--- a/lib/private/Session/CryptoSessionData.php
+++ b/lib/private/Session/CryptoSessionData.php
@@ -152,6 +152,7 @@ class CryptoSessionData implements \ArrayAccess, ISession {
         * Reset and recreate the session
         */
        public function clear() {
+               $reopened = $this->reopen();
                $requesttoken = $this->get('requesttoken');
                $this->sessionValues = [];
                if ($requesttoken !== null) {
@@ -159,6 +160,9 @@ class CryptoSessionData implements \ArrayAccess, ISession {
                }
                $this->isModified = true;
                $this->session->clear();
+               if ($reopened) {
+                       $this->close();
+               }
        }
 
        public function reopen(): bool {