Merge pull request #6519 from nhirokinet/master
Security Update: session fixation
This commit is contained in:
commit
0241ddc759
|
@ -246,7 +246,6 @@ class OC_User {
|
|||
OC_Hook::emit( "OC_User", "pre_login", array( "run" => &$run, "uid" => $uid ));
|
||||
|
||||
if($uid) {
|
||||
session_regenerate_id(true);
|
||||
self::setUserId($uid);
|
||||
self::setDisplayName($uid);
|
||||
self::getUserSession()->setLoginName($uid);
|
||||
|
|
|
@ -157,6 +157,7 @@ class Session implements Emitter, \OCP\IUserSession {
|
|||
if($user !== false) {
|
||||
if (!is_null($user)) {
|
||||
if ($user->isEnabled()) {
|
||||
session_regenerate_id(true);
|
||||
$this->setUser($user);
|
||||
$this->setLoginName($uid);
|
||||
$this->manager->emit('\OC\User', 'postLogin', array($user, $password));
|
||||
|
|
Loading…
Reference in New Issue