diff options
author | Lukas Reschke <lukas@owncloud.com> | 2016-01-04 15:00:58 +0100 |
---|---|---|
committer | Lukas Reschke <lukas@owncloud.com> | 2016-01-04 15:09:01 +0100 |
commit | fec41e753926b9f98a554b99dc66b6dd7a0c96a3 (patch) | |
tree | c12929701b7e8c5cc7032be5cec9a3164a29ebd1 /lib/base.php | |
parent | ebc52300e752c68b3f6dcc822894ad1ab85f0999 (diff) | |
download | nextcloud-server-fec41e753926b9f98a554b99dc66b6dd7a0c96a3.tar.gz nextcloud-server-fec41e753926b9f98a554b99dc66b6dd7a0c96a3.zip |
Move regeneration of session ID into session classes
There were code paths that nowadays call ISession::login directly thus bypassing the desired regeneration of the session ID. This moves the session regeneration deeper into the session handling and thus ensures that it is always called. Furthermore, I also added the session regeneration to the remember me cookie plus added some test case expectations for this.
Diffstat (limited to 'lib/base.php')
-rw-r--r-- | lib/base.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/base.php b/lib/base.php index 34cbfe3066c..2cace2a0a06 100644 --- a/lib/base.php +++ b/lib/base.php @@ -442,7 +442,7 @@ class OC { if (!$session->exists('SID_CREATED')) { $session->set('SID_CREATED', time()); } else if (time() - $session->get('SID_CREATED') > $sessionLifeTime / 2) { - session_regenerate_id(true); + $session->regenerateId(); $session->set('SID_CREATED', time()); } |