summaryrefslogtreecommitdiffstats
path: root/lib/base.php
diff options
context:
space:
mode:
authorLukas Reschke <lukas@owncloud.com>2016-01-04 15:00:58 +0100
committerLukas Reschke <lukas@owncloud.com>2016-01-04 15:09:01 +0100
commitfec41e753926b9f98a554b99dc66b6dd7a0c96a3 (patch)
treec12929701b7e8c5cc7032be5cec9a3164a29ebd1 /lib/base.php
parentebc52300e752c68b3f6dcc822894ad1ab85f0999 (diff)
downloadnextcloud-server-fec41e753926b9f98a554b99dc66b6dd7a0c96a3.tar.gz
nextcloud-server-fec41e753926b9f98a554b99dc66b6dd7a0c96a3.zip
Move regeneration of session ID into session classes
There were code paths that nowadays call ISession::login directly thus bypassing the desired regeneration of the session ID. This moves the session regeneration deeper into the session handling and thus ensures that it is always called. Furthermore, I also added the session regeneration to the remember me cookie plus added some test case expectations for this.
Diffstat (limited to 'lib/base.php')
-rw-r--r--lib/base.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/base.php b/lib/base.php
index 34cbfe3066c..2cace2a0a06 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -442,7 +442,7 @@ class OC {
if (!$session->exists('SID_CREATED')) {
$session->set('SID_CREATED', time());
} else if (time() - $session->get('SID_CREATED') > $sessionLifeTime / 2) {
- session_regenerate_id(true);
+ $session->regenerateId();
$session->set('SID_CREATED', time());
}