diff options
| author | Julius Härtl <jus@bitgrid.net> | 2022-12-10 13:37:53 +0100 |
|---|---|---|
| committer | Julius Härtl <jus@bitgrid.net> | 2022-12-10 13:37:55 +0100 |
| commit | a6761d76ea5d8103fffd6eabd6e402f528ffcb2f (patch) | |
| tree | 96e7be38e7800cf5429d8b13c7b9fcd1637c1074 | |
| parent | 8d1142cfb95972c1ab7bc24d7606034e8d5a9611 (diff) | |
| download | nextcloud-server-a6761d76ea5d8103fffd6eabd6e402f528ffcb2f.tar.gz nextcloud-server-a6761d76ea5d8103fffd6eabd6e402f528ffcb2f.zip | |
fix: Make sure to reopen session before cleaning
Otherwise restoring the requesttoken would reopen and read the existing
session data and restore it instead of clearing
Signed-off-by: Julius Härtl <jus@bitgrid.net>
| -rw-r--r-- | lib/private/Session/CryptoSessionData.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/private/Session/CryptoSessionData.php b/lib/private/Session/CryptoSessionData.php index df810d5b30c..1eb6987fc18 100644 --- a/lib/private/Session/CryptoSessionData.php +++ b/lib/private/Session/CryptoSessionData.php @@ -152,6 +152,7 @@ class CryptoSessionData implements \ArrayAccess, ISession { * Reset and recreate the session */ public function clear() { + $reopened = $this->reopen(); $requesttoken = $this->get('requesttoken'); $this->sessionValues = []; if ($requesttoken !== null) { @@ -159,6 +160,9 @@ class CryptoSessionData implements \ArrayAccess, ISession { } $this->isModified = true; $this->session->clear(); + if ($reopened) { + $this->close(); + } } public function reopen(): bool { |