diff options
| author | Lukas Reschke <lukas@owncloud.com> | 2016-01-09 23:56:28 +0100 |
|---|---|---|
| committer | Morris Jobke <hey@morrisjobke.de> | 2016-01-10 11:01:30 +0100 |
| commit | 74876fa6e7548340bf5e55c99075b5d24e5ec232 (patch) | |
| tree | 378495edeb1207ed5238a57570d7e93302c02d6e /lib/base.php | |
| parent | 21a700bcf733d59105e3a23489762ac558dca19a (diff) | |
| download | nextcloud-server-74876fa6e7548340bf5e55c99075b5d24e5ec232.tar.gz nextcloud-server-74876fa6e7548340bf5e55c99075b5d24e5ec232.zip | |
Remove code related to session regeneration after some time
I do not really consider this necessary or a real security addition. Let's get rid of it thus, cleans up the code and makes the logic easier.
Diffstat (limited to 'lib/base.php')
| -rw-r--r-- | lib/base.php | 12 |
1 files changed, 1 insertions, 11 deletions
diff --git a/lib/base.php b/lib/base.php index 71c04206f6a..51f4d819ab1 100644 --- a/lib/base.php +++ b/lib/base.php @@ -431,20 +431,10 @@ class OC { //show the user a detailed error page OC_Response::setStatus(OC_Response::STATUS_INTERNAL_SERVER_ERROR); OC_Template::printExceptionErrorPage($e); + die(); } $sessionLifeTime = self::getSessionLifeTime(); - // regenerate session id periodically to avoid session fixation - /** - * @var \OCP\ISession $session - */ - $session = self::$server->getSession(); - if (!$session->exists('SID_CREATED')) { - $session->set('SID_CREATED', time()); - } else if (time() - $session->get('SID_CREATED') > $sessionLifeTime / 2) { - $session->regenerateId(); - $session->set('SID_CREATED', time()); - } // session timeout if ($session->exists('LAST_ACTIVITY') && (time() - $session->get('LAST_ACTIVITY') > $sessionLifeTime)) { |