Merge pull request #6519 from nhirokinet/master

Security Update: session fixation
This commit is contained in:
Lukas Reschke 2014-02-20 14:28:26 +01:00
commit 0241ddc759
2 changed files with 1 additions and 1 deletions

View File

@ -246,7 +246,6 @@ class OC_User {
OC_Hook::emit( "OC_User", "pre_login", array( "run" => &$run, "uid" => $uid )); OC_Hook::emit( "OC_User", "pre_login", array( "run" => &$run, "uid" => $uid ));
if($uid) { if($uid) {
session_regenerate_id(true);
self::setUserId($uid); self::setUserId($uid);
self::setDisplayName($uid); self::setDisplayName($uid);
self::getUserSession()->setLoginName($uid); self::getUserSession()->setLoginName($uid);

View File

@ -157,6 +157,7 @@ class Session implements Emitter, \OCP\IUserSession {
if($user !== false) { if($user !== false) {
if (!is_null($user)) { if (!is_null($user)) {
if ($user->isEnabled()) { if ($user->isEnabled()) {
session_regenerate_id(true);
$this->setUser($user); $this->setUser($user);
$this->setLoginName($uid); $this->setLoginName($uid);
$this->manager->emit('\OC\User', 'postLogin', array($user, $password)); $this->manager->emit('\OC\User', 'postLogin', array($user, $password));