fix: Lock session during renewal from cookiefix/lock-session-during-cookie-renew

Signed-off-by: Julius Härtl <jus@bitgrid.net>
author: Julius Härtl <jus@bitgrid.net> 2024-04-22 16:17:24 +0200
committer: Julius Härtl <jus@bitgrid.net> 2024-04-22 16:17:24 +0200
commit: 3377baa4391a2484d0b237caea2987f9ef5f2c53 (patch)
tree: 7194fd0e55be8b6a086cbb07ed848d463f6707a9
parent: aff3e65806082e85765630dcdf292d54a7b40277 (diff)
download: nextcloud-server-fix/lock-session-during-cookie-renew.tar.gz
nextcloud-server-fix/lock-session-during-cookie-renew.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/base.php b/lib/base.php
index 891161ff0c6..eeedea00372 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -1126,12 +1126,19 @@ class OC {
 		if ($userSession->tryTokenLogin($request)) {
 			return true;
 		}
+		$reopened = $userSession->getSession()->reopen();
 		if (isset($_COOKIE['nc_username'])
 			&& isset($_COOKIE['nc_token'])
 			&& isset($_COOKIE['nc_session_id'])
 			&& $userSession->loginWithCookie($_COOKIE['nc_username'], $_COOKIE['nc_token'], $_COOKIE['nc_session_id'])) {
+			if ($reopened) {
+				$userSession->getSession()->close();
+			}
 			return true;
 		}
+		if ($reopened) {
+			$userSession->getSession()->close();
+		}
 		if ($userSession->tryBasicAuthLogin($request, Server::get(IThrottler::class))) {
 			return true;
 		}
author	Julius Härtl <jus@bitgrid.net>	2024-04-22 16:17:24 +0200
committer	Julius Härtl <jus@bitgrid.net>	2024-04-22 16:17:24 +0200
commit	3377baa4391a2484d0b237caea2987f9ef5f2c53 (patch)
tree	7194fd0e55be8b6a086cbb07ed848d463f6707a9
parent	aff3e65806082e85765630dcdf292d54a7b40277 (diff)
download	nextcloud-server-fix/lock-session-during-cookie-renew.tar.gz nextcloud-server-fix/lock-session-during-cookie-renew.zip