author | Lukas Reschke <lukas@owncloud.com> | 2016-01-04 15:00:58 +0100 |
---|---|---|
committer | Lukas Reschke <lukas@owncloud.com> | 2016-01-04 15:09:01 +0100 |
commit | fec41e753926b9f98a554b99dc66b6dd7a0c96a3 (patch) | |
tree | c12929701b7e8c5cc7032be5cec9a3164a29ebd1 /lib/private/session | |
parent | ebc52300e752c68b3f6dcc822894ad1ab85f0999 (diff) | |
Move regeneration of session ID into session classes
There were code paths that nowadays call ISession::login directly thus bypassing the desired regeneration of the session ID. This moves the session regeneration deeper into the session handling and thus ensures that it is always called. Furthermore, I also added the session regeneration to the remember me cookie plus added some test case expectations for this.
Diffstat (limited to 'lib/private/session')
-rw-r--r-- | lib/private/session/cryptosessiondata.php | 10 | ||||
-rw-r--r-- | lib/private/session/internal.php | 30 | ||||
-rw-r--r-- | lib/private/session/memory.php | 7 |
3 files changed, 42 insertions, 5 deletions
diff --git a/lib/private/session/cryptosessiondata.php b/lib/private/session/cryptosessiondata.php index dcae1648fe1..b600874412b 100644 --- a/lib/private/session/cryptosessiondata.php +++ b/lib/private/session/cryptosessiondata.php @@ -132,6 +132,16 @@ class CryptoSessionData implements \ArrayAccess, ISession { } /** + * Wrapper around session_regenerate_id + * + * @param bool $deleteOldSession Whether to delete the old associated session file or not. + * @return void + */ + public function regenerateId($deleteOldSession = true) { + $this->session->regenerateId($deleteOldSession); + } + + /** * Close the session and release the lock, also writes all changed data in batch */ public function close() { diff --git a/lib/private/session/internal.php b/lib/private/session/internal.php index 0b6152acf12..8be3356c6db 100644 --- a/lib/private/session/internal.php +++ b/lib/private/session/internal.php @@ -89,10 +89,9 @@ class Internal extends Session { } } - public function clear() { session_unset(); - @session_regenerate_id(true); + $this->regenerateId(); @session_start(); $_SESSION = array(); } 
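Review bot: The docblock added to `CryptoSessionData::regenerateId()` says "Wrapper around session_regenerate_id", but the body only forwards to `$this->session->regenerateId($deleteOldSession)`. What actually happens therefore depends on the wrapped session, and the `Memory` implementation added in this same commit is a no-op. I would reword the summary to something like `Regenerates the ID of the wrapped session by delegating to its regenerateId()`. The call also assumes every wrapped session object provides `regenerateId()`; the interface change is not in this view, which is limited to lib/private/session, so that should be confirmed there.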
@@ -102,14 +101,35 @@ class Internal extends Session { parent::close(); } - public function reopen() { - throw new \Exception('The session cannot be reopened - reopen() is ony to be used in unit testing.'); - } + /** + * Wrapper around session_regenerate_id + * + * @param bool $deleteOldSession Whether to delete the old associated session file or not. + * @return void + */ + public function regenerateId($deleteOldSession = true) { + @session_regenerate_id($deleteOldSession); + } + + /** + * @throws \Exception + */ + public function reopen() { + throw new \Exception('The session cannot be reopened - reopen() is ony to be used in unit testing.'); + } + /** + * @param int $errorNumber + * @param string $errorString + * @throws \ErrorException + */ public function trapError($errorNumber, $errorString) { throw new \ErrorException($errorString); } + /** + * @throws \Exception + */ private function validateSession() { if ($this->sessionClosed) { throw new \Exception('Session has been closed - no further changes to the session are allowed'); diff --git a/lib/private/session/memory.php b/lib/private/session/memory.php index ff95efc5345..c6090087457 100644 --- a/lib/private/session/memory.php +++ b/lib/private/session/memory.php @@ -81,6 +81,13 @@ class Memory extends Session { } /** + * Stub since the session ID does not need to get regenerated for the cache + * + * @param bool $deleteOldSession + */ + public function regenerateId($deleteOldSession = true) {} + + /** * Helper function for PHPUnit execution - don't use in non-test code */ public function reopen() { |
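Review bot: In `Internal::regenerateId()` (the `@@ -102,14 +101,35 @@` hunk of lib/private/session/internal.php) the return value of `session_regenerate_id()` is discarded and its warning is silenced with `@`, so a failed regeneration is invisible to every caller. According to the commit description the login and remember-me paths now rely on this method to obtain a fresh ID, so a silent failure would leave the pre-authentication session ID in use with no trace in the logs. Consider keeping the result and at least recording the failure, e.g. `if (@session_regenerate_id($deleteOldSession) === false) { /* log; consider aborting the login */ }`. The docblock could also state the purpose, for example `Regenerates the session ID to prevent session fixation; call on every change of authentication state`. The same `@`-suppressed pattern remains in `clear()` in the preceding hunk, where `@session_start()` follows the regeneration.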