From 74876fa6e7548340bf5e55c99075b5d24e5ec232 Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Sat, 9 Jan 2016 23:56:28 +0100
Subject: [PATCH] Remove code related to session regeneration after some time

I do not really consider this necessary or a real security addition. Let's get rid of it thus, cleans up the code and makes the logic easier.
---
 lib/base.php | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)
diff --git a/lib/base.php b/lib/base.php
index 71c04206f6..51f4d819ab 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -431,20 +431,10 @@ class OC {
 //show the user a detailed error page
 OC_Response::setStatus(OC_Response::STATUS_INTERNAL_SERVER_ERROR);
 OC_Template::printExceptionErrorPage($e);
+ die();
 }
 $sessionLifeTime = self::getSessionLifeTime();
- // regenerate session id periodically to avoid session fixation
- /**
- * @var \OCP\ISession $session
- */
- $session = self::$server->getSession();
- if (!$session->exists('SID_CREATED')) {
- $session->set('SID_CREATED', time());
- } else if (time() - $session->get('SID_CREATED') > $sessionLifeTime / 2) {
- $session->regenerateId();
- $session->set('SID_CREATED', time());
- }
 // session timeout
 if ($session->exists('LAST_ACTIVITY') && (time() - $session->get('LAST_ACTIVITY') > $sessionLifeTime)) {
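Review bot: The session-timeout check kept as context still reads `$session->exists('LAST_ACTIVITY')`, but the deleted block held the only assignment of `$session` visible in this hunk (`$session = self::$server->getSession();`). The method starts and ends outside the hunk, so `$session` may well be set earlier (the added `die();` in the catch branch suggests it is set in the preceding try). If it is not, the timeout branch would run on an undefined variable and the idle-timeout logout would not work. Keeping the one line `$session = self::$server->getSession();` directly above `// session timeout` would make that dependency explicit. With the periodic rotation gone, defence against session fixation presumably rests on the session id being regenerated at login, which is not shown here and is worth confirming before merging.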