diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2014-02-20 14:28:26 +0100 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2014-02-20 14:28:26 +0100 |
| commit | 0241ddc759f7e2d2695c4626df5d2ac27b8b1d90 (patch) | |
| tree | 356cf3406fb7697a8df161639dd3e7a74872c066 /lib | |
| parent | 742f54b6d556797bbef2847e546861de0008a28a (diff) | |
| parent | c2e2c59ca7aa873bd07de04ea701a8b351383aec (diff) | |
| download | nextcloud-server-0241ddc759f7e2d2695c4626df5d2ac27b8b1d90.tar.gz nextcloud-server-0241ddc759f7e2d2695c4626df5d2ac27b8b1d90.zip | |
Merge pull request #6519 from nhirokinet/master
Security Update: session fixation
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/user.php | 1 | ||||
| -rw-r--r-- | lib/private/user/session.php | 1 |
2 files changed, 1 insertions, 1 deletions
diff --git a/lib/private/user.php b/lib/private/user.php index 86a01f96258..08ead712028 100644 --- a/lib/private/user.php +++ b/lib/private/user.php @@ -246,7 +246,6 @@ class OC_User { OC_Hook::emit( "OC_User", "pre_login", array( "run" => &$run, "uid" => $uid )); if($uid) { - session_regenerate_id(true); self::setUserId($uid); self::setDisplayName($uid); self::getUserSession()->setLoginName($uid); diff --git a/lib/private/user/session.php b/lib/private/user/session.php index 1740bad5abe..cd03b30205f 100644 --- a/lib/private/user/session.php +++ b/lib/private/user/session.php @@ -157,6 +157,7 @@ class Session implements Emitter, \OCP\IUserSession { if($user !== false) { if (!is_null($user)) { if ($user->isEnabled()) { + session_regenerate_id(true); $this->setUser($user); $this->setLoginName($uid); $this->manager->emit('\OC\User', 'postLogin', array($user, $password)); |