Remove code related to session regeneration after some time
I do not really consider this necessary or a real security addition. Let's get rid of it thus, cleans up the code and makes the logic easier.
This commit is contained in:
parent
21a700bcf7
commit
74876fa6e7
12
lib/base.php
12
lib/base.php
|
@ -431,20 +431,10 @@ class OC {
|
||||||
//show the user a detailed error page
|
//show the user a detailed error page
|
||||||
OC_Response::setStatus(OC_Response::STATUS_INTERNAL_SERVER_ERROR);
|
OC_Response::setStatus(OC_Response::STATUS_INTERNAL_SERVER_ERROR);
|
||||||
OC_Template::printExceptionErrorPage($e);
|
OC_Template::printExceptionErrorPage($e);
|
||||||
|
die();
|
||||||
}
|
}
|
||||||
|
|
||||||
$sessionLifeTime = self::getSessionLifeTime();
|
$sessionLifeTime = self::getSessionLifeTime();
|
||||||
// regenerate session id periodically to avoid session fixation
|
|
||||||
/**
|
|
||||||
* @var \OCP\ISession $session
|
|
||||||
*/
|
|
||||||
$session = self::$server->getSession();
|
|
||||||
if (!$session->exists('SID_CREATED')) {
|
|
||||||
$session->set('SID_CREATED', time());
|
|
||||||
} else if (time() - $session->get('SID_CREATED') > $sessionLifeTime / 2) {
|
|
||||||
$session->regenerateId();
|
|
||||||
$session->set('SID_CREATED', time());
|
|
||||||
}
|
|
||||||
|
|
||||||
// session timeout
|
// session timeout
|
||||||
if ($session->exists('LAST_ACTIVITY') && (time() - $session->get('LAST_ACTIVITY') > $sessionLifeTime)) {
|
if ($session->exists('LAST_ACTIVITY') && (time() - $session->get('LAST_ACTIVITY') > $sessionLifeTime)) {
|
||||||
|
|
Loading…
Reference in New Issue