Delete cookie instead of emptying value
PHP will handle session cookies with an empty values as an E_WARNING error. ([php/#68063](https://bugs.php.net/bug.php?id=68063)) ownCloud sets the cookie to an empty value in case the session expires, it however after this starts a new session. Due to potential race conditions this can in unlikely cases lead to the fact that the session never gets restarted and the user is left with an empty cookie. PHP tries then to use the empty cookie which makes the instance not usable. To work around any race condition we now tell PHP to explicitly delete the value which can be done by using `null` as value, PHP will then send a cookie with the value "deleted". Also theepiration has been set to -1.
This commit is contained in:
parent
3d4e0ba4e7
commit
5588c5f262
|
@ -427,7 +427,8 @@ class OC {
|
||||||
// session timeout
|
// session timeout
|
||||||
if ($session->exists('LAST_ACTIVITY') && (time() - $session->get('LAST_ACTIVITY') > $sessionLifeTime)) {
|
if ($session->exists('LAST_ACTIVITY') && (time() - $session->get('LAST_ACTIVITY') > $sessionLifeTime)) {
|
||||||
if (isset($_COOKIE[session_name()])) {
|
if (isset($_COOKIE[session_name()])) {
|
||||||
setcookie(session_name(), '', time() - 42000, $cookie_path);
|
setcookie(session_name(), null, -1, self::$WEBROOT ? : '/');
|
||||||
|
unset($_COOKIE[session_name()]);
|
||||||
}
|
}
|
||||||
session_unset();
|
session_unset();
|
||||||
session_destroy();
|
session_destroy();
|
||||||
|
|
|
@ -41,7 +41,11 @@ class Internal extends Session {
|
||||||
public function __construct($name) {
|
public function __construct($name) {
|
||||||
session_name($name);
|
session_name($name);
|
||||||
set_error_handler(array($this, 'trapError'));
|
set_error_handler(array($this, 'trapError'));
|
||||||
|
try {
|
||||||
session_start();
|
session_start();
|
||||||
|
} catch (\Exception $e) {
|
||||||
|
setcookie(session_name(), null, -1, \OC::$WEBROOT ? : '/');
|
||||||
|
}
|
||||||
restore_error_handler();
|
restore_error_handler();
|
||||||
if (!isset($_SESSION)) {
|
if (!isset($_SESSION)) {
|
||||||
throw new \Exception('Failed to start session');
|
throw new \Exception('Failed to start session');
|
||||||
|
|
Loading…
Reference in New Issue