On a remembered login session, we create a new session token in the database with the values of the old one. As we actually don't need the old session token anymore, we can delete it right away. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>tags/v13.0.0beta1
@@ -195,6 +195,7 @@ class DefaultTokenProvider implements IProvider { | |||
$newToken->setRemember($token->getRemember()); | |||
$newToken->setLastActivity($this->time->getTime()); | |||
$this->mapper->insert($newToken); | |||
$this->mapper->delete($token); | |||
} | |||
/** |
@@ -318,6 +318,10 @@ class DefaultTokenProviderTest extends TestCase { | |||
->expects($this->at(1)) | |||
->method('insert') | |||
->with($newToken); | |||
$this->mapper | |||
->expects($this->at(2)) | |||
->method('delete') | |||
->with($token); | |||
$this->tokenProvider->renewSessionToken('oldId', 'newId'); | |||
} | |||
@@ -384,6 +388,10 @@ class DefaultTokenProviderTest extends TestCase { | |||
->expects($this->at(1)) | |||
->method('insert') | |||
->with($this->equalTo($newToken)); | |||
$this->mapper | |||
->expects($this->at(2)) | |||
->method('delete') | |||
->with($token); | |||
$this->tokenProvider->renewSessionToken('oldId', 'newId'); | |||
} |