From 9b808c40147ebb2ff58908e17039b6caf076ec7e Mon Sep 17 00:00:00 2001 From: Christoph Wurst Date: Sun, 27 Nov 2016 13:59:46 +0100 Subject: do not remember session tokens by default We have to respect the value of the remember-me checkbox. Due to an error in the source code the default value for the session token was to remember it. Signed-off-by: Christoph Wurst --- lib/private/User/Session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index a45b1dcd10f..c3561cf64e3 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -558,7 +558,7 @@ class Session implements IUserSession, Emitter { try { $sessionId = $this->session->getId(); $pwd = $this->getPassword($password); - $this->tokenProvider->generateToken($sessionId, $uid, $loginName, $pwd, $name, IToken::TEMPORARY_TOKEN, IToken::REMEMBER); + $this->tokenProvider->generateToken($sessionId, $uid, $loginName, $pwd, $name, IToken::TEMPORARY_TOKEN, $remember); return true; } catch (SessionNotAvailableException $ex) { // This can happen with OCC, where a memory session is used -- cgit v1.2.3