From fec41e753926b9f98a554b99dc66b6dd7a0c96a3 Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@owncloud.com>
Date: Mon, 4 Jan 2016 15:00:58 +0100
Subject: Move regeneration of session ID into session classes

There were code paths that nowadays call ISession::login directly thus bypassing the desired regeneration of the session ID. This moves the session regeneration deeper into the session handling and thus ensures that it is always called. Furthermore, I also added the session regeneration to the remember me cookie plus added some test case expectations for this.
---
 lib/base.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/base.php')

diff --git a/lib/base.php b/lib/base.php
index 34cbfe3066c..2cace2a0a06 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -442,7 +442,7 @@ class OC {
 		if (!$session->exists('SID_CREATED')) {
 			$session->set('SID_CREATED', time());
 		} else if (time() - $session->get('SID_CREATED') > $sessionLifeTime / 2) {
-			session_regenerate_id(true);
+			$session->regenerateId();
 			$session->set('SID_CREATED', time());
 		}
 
-- 
cgit v1.2.3