Delete cookie instead of emptying value - nextcloud-server.git - Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server

index : nextcloud-server.git

Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server

www-data

summary refs log tree commit diff stats

path: root/core/js/update.js

diff options

author	Lukas Reschke <lukas@owncloud.com>	2015-10-19 19:54:12 +0200
committer	Lukas Reschke <lukas@owncloud.com>	2015-10-19 19:54:12 +0200
commit	5588c5f262b37ebb736c9cada0dc2a0fe2a70f7c (patch)
tree	4ed46f1700d17ed41f4112c3d4c51d85838628d2 /core/js/update.js
parent	3d4e0ba4e7d6e4b3e9aaf943e3d74d1a5ee9acd2 (diff)
download	nextcloud-server-5588c5f262b37ebb736c9cada0dc2a0fe2a70f7c.tar.gz nextcloud-server-5588c5f262b37ebb736c9cada0dc2a0fe2a70f7c.zip

Delete cookie instead of emptying value

PHP will handle session cookies with an empty values as an E_WARNING error. ([php/#68063](https://bugs.php.net/bug.php?id=68063)) ownCloud sets the cookie to an empty value in case the session expires, it however after this starts a new session. Due to potential race conditions this can in unlikely cases lead to the fact that the session never gets restarted and the user is left with an empty cookie. PHP tries then to use the empty cookie which makes the instance not usable. To work around any race condition we now tell PHP to explicitly delete the value which can be done by using `null` as value, PHP will then send a cookie with the value "deleted". Also theepiration has been set to -1.

Diffstat (limited to 'core/js/update.js')

0 files changed, 0 insertions, 0 deletions