summaryrefslogtreecommitdiffstats
path: root/lib/private/Session
Commit message (Collapse)AuthorAgeFilesLines
* Update license headersMorris Jobke2017-11-062-1/+4
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Fix MigrationSchemaChecker and CryptoWrapperLukas Reschke2017-08-011-3/+5
| | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Forward port of #5190 to masterArthur Schiwon2017-06-151-9/+32
| | | | | | | | | | | | | | | | | Treat PHP Errors on User session regenerate Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> remove unnecessary lines… Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> change PHP errors to ErrorException in the session (PHP >=7) Otherwise it might be that authentication apps are being disabled on during operation while in fact the session handler has hiccup. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Catch session already closed exception in destructorVictor Dubiniuk2017-04-252-2/+7
|
* Do not clear CSRF token on logout (fix for #1303)Roeland Jago Douma2017-03-131-0/+4
| | | | | | | | | | | | | | | | | | | This is a hacky way to allow the use case of #1303. What happens is 1. User tries to login 2. PreLoginHook kicks in and figures out that the user need to change their LDAP password or whatever => redirects user 3. While loading the redirect some logic of ours kicks in and logouts the user (thus clearing the session). 4. We render the new page but now the session and the page disagree about the CSRF token This is kind of hacky but I don't think it introduces new attack vectors. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Update with robinJoas Schilling2016-07-213-3/+3
|
* Fix othersJoas Schilling2016-07-215-8/+13
|
* Update license headersLukas Reschke2016-05-264-5/+7
|
* throw SessionNotAvailableException if session_id returns empty stringChristoph Wurst2016-04-263-4/+17
|
* add ISession::getId() wrapper for session_idChristoph Wurst2016-04-253-0/+30
|
* Move \OC\Session to PSR-4Roeland Jago Douma2016-04-155-0/+613