From: Florian Preinstorfer
Date: Tue, 13 Mar 2012 15:00:53 +0000 (+0100)
Subject: Fix a session fixation vulnerability
X-Git-Tag: v4.0.0beta~354
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=b86f2069ff1f434373c0babe0c28db5ee431498e;p=nextcloud-server.git
Fix a session fixation vulnerability
- regenerate the session for every successful login
- properly destroy a session
Further information can be found on: https://en.wikipedia.org/wiki/session_fixation
---
diff --git a/lib/user.php b/lib/user.php
index fda19a33154..8c27ec30cc2 100644
--- a/lib/user.php
+++ b/lib/user.php
@@ -186,7 +186,7 @@ class OC_User {
  * @param $password The password of the user
  * @returns true/false
  *
- * Log in a user - if the password is ok
+ * Log in a user and regenerate a new session - if the password is ok
  */
  public static function login( $uid, $password ){
  $run = true;
@@ -195,6 +195,7 @@ class OC_User {
  if( $run ){
  $uid=self::checkPassword( $uid, $password );
  if($uid){
+ session_regenerate_id();
  self::setUserId($uid);
  OC_Hook::emit( "OC_User", "post_login", array( "uid" => $uid, 'password'=>$password ));
  return true;
@@ -221,7 +222,8 @@ class OC_User {
  */
  public static function logout(){
  OC_Hook::emit( "OC_User", "logout", array());
- $_SESSION['user_id'] = false;
+ session_unset();
+ session_destroy();
  OC_User::unsetMagicInCookie();
  return true;
  }
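Review bot: `session_regenerate_id();` in login() runs with the default `delete_old_session = false`, so the server-side data filed under the pre-login ID stays alive until session garbage collection; the fixated ID is not invalidated, only the authenticated state is moved away from it. Use `session_regenerate_id(true);` so the old session is deleted at the same time the new ID is issued. Placing the call before `self::setUserId($uid)` is the right order, since the user id is then only ever written under the fresh ID. This assumes a session is already active when login() is reached, which is not visible here; if none is, `session_regenerate_id()` emits a warning and returns false, and nothing in the hunk checks that. login()'s body begins in the previous hunk and continues past this one.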
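Review bot: `session_destroy()` in logout() removes the server-side data but leaves the session cookie on the client, so the browser keeps presenting the old ID on its next request and, depending on how the session is started elsewhere, a session may be re-created under that same ID; "properly destroy a session" is only half done without expiring the cookie. After `session_destroy();` add `$p = session_get_cookie_params();` and `setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);`, guarded by `if (ini_get('session.use_cookies'))`. The removed `$_SESSION['user_id'] = false;` left a key that was present but false, whereas after `session_unset()` the key is absent; that is equivalent for `isset`/`empty` checks, but if any caller reads `$_SESSION['user_id']` directly it would now hit an undefined index, which is worth confirming against those callers.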