path: root/lib/private/session
Commit message | Author | Age | Files | Lines
* Scrutinizer Auto-Fixes | Scrutinizer Auto-Fixer | 2015-12-07 | 1 | -1/+0
  This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
* Delete cookie instead of emptying value | Lukas Reschke | 2015-10-19 | 1 | -1/+5
  PHP will handle session cookies with empty values as an E_WARNING error ([php/#68063](https://bugs.php.net/bug.php?id=68063)). ownCloud sets the cookie to an empty value in case the session expires; it however starts a new session after this. Due to potential race conditions this can in unlikely cases lead to the fact that the session never gets restarted and the user is left with an empty cookie. PHP then tries to use the empty cookie, which makes the instance not usable. To work around any race condition we now tell PHP to explicitly delete the value, which can be done by using `null` as value; PHP will then send a cookie with the value "deleted". Also the expiration has been set to -1.
* update licence headers via script | Morris Jobke | 2015-10-05 | 4 | -0/+6
* Session closed exception wording | Phil Davis | 2015-09-29 | 3 | -3/+3
  and a small comment typo
* Use / instead of an empty string as cookie path | Lukas Reschke | 2015-09-14 | 1 | -1/+5
  When an empty string is used as cookie path PHP will assign the current directory as cookie path. This means when a user had installed an ownCloud under "/", which is mapped to an empty string in \OC::$WEBROOT, and accessed it the cookie was set to values such as "/index.php/apps/files" since the web browser assumed this to be a directory. This means that multiple encryption cookies were set for the same domain resulting in potential havoc. With this patch the path will be set to "/" in case an empty web root is installed which makes the cookie accessible to the whole domain. To test this, set up multiple ownCloud instances on the same domain under different ports and have both installed under "/", then try to log in to both of them, and previously this can in some cases lead to a lockout of the user. Note that this affects the cookies that the browsers do send and thus to test this you need to clear all cookies from your browser beforehand. I consider this an acceptable behaviour for now since this code is only in master. Fixes https://github.com/owncloud/core/issues/18919
* Write to session in batch at the end of the request | Lukas Reschke | 2015-09-09 | 2 | -8/+22
* Write session data to single key | Lukas Reschke | 2015-09-09 | 1 | -16/+30
  This prevents decrypting values multiple times.
* Handle failures gracefully, remove switch | Lukas Reschke | 2015-08-21 | 2 | -21/+43
* Add a session wrapper to encrypt the data before storing it on disk | Joas Schilling | 2015-08-21 | 2 | -0/+221
* Update license headers | Jenkins for ownCloud | 2015-03-26 | 3 | -12/+59
* Handle session initialization errors and display error page - fixes #15053 | Thomas Müller | 2015-03-20 | 1 | -1/+7
* Revert "Updating license headers" | Morris Jobke | 2015-02-26 | 3 | -56/+15
  This reverts commit 6a1a4880f0d556fb090f19a5019fec31916f5c36.
* Updating license headers | Jenkins for ownCloud | 2015-02-23 | 3 | -15/+56
* Refactor internal session to write directly to $_SESSION | cetra3 | 2014-08-30 | 1 | -7/+37
* redefine reopen() in class \OC\Session\Internal to avoid accidental calls in productive code | Thomas Müller | 2014-03-18 | 1 | -0/+3
* introduce reopen() method to be used for unit test execution only - right after a unit test has been executed the session will be reopened | Thomas Müller | 2014-03-17 | 1 | -0/+7
* PHPDoc updated | Thomas Müller | 2014-03-10 | 2 | -2/+13
* fix close() implementation in \OC\Session\Internal | Thomas Müller | 2014-03-10 | 1 | -2/+9
* adding an explicit close method to class session - write operations (set and remove) being called after close() will throw an exception | Thomas Müller | 2014-03-10 | 3 | -1/+15
* polish documentation based on scrutinizer patches | Jörn Friedrich Dreyer | 2014-02-06 | 1 | -1/+1
* check if a $_SESSION entry exists before we try to remove it | Robin Appelman | 2013-12-11 | 1 | -1/+3
* preserve 3rd party values in the Session destructor | Robin Appelman | 2013-12-09 | 2 | -2/+11
* fixing php 5.3 compatibility | Thomas Müller | 2013-10-08 | 1 | -31/+4
  PHP Fatal error: Can't inherit abstract function OCP\ISession::set() (previously declared abstract in OC\Session\Session)
* move the private namespace OC into lib/private - OCP will stay in lib/public | Thomas Müller | 2013-09-30 | 3 | -0/+181
  Conflicts: lib/private/vcategories.php