Fix a session fixation vulnerability

- regenerate the session for every successful login
- properly destroy a session

Further information can be found on:
https://en.wikipedia.org/wiki/session_fixation
This commit is contained in:
Florian Preinstorfer 2012-03-13 16:00:53 +01:00 committed by Robin Appelman
parent 2f3c0a6d80
commit b86f2069ff
1 changed files with 4 additions and 2 deletions


@ -186,7 +186,7 @@ class OC_User {
* @param $password The password of the user * @param $password The password of the user
* @returns true/false * @returns true/false
* *
* Log in a user - if the password is ok * Log in a user and regenerate a new session - if the password is ok
*/ */
public static function login( $uid, $password ){ public static function login( $uid, $password ){
$run = true; $run = true;
@ -195,6 +195,7 @@ class OC_User {
if( $run ){ if( $run ){
$uid=self::checkPassword( $uid, $password ); $uid=self::checkPassword( $uid, $password );
if($uid){ if($uid){
session_regenerate_id();
self::setUserId($uid); self::setUserId($uid);
OC_Hook::emit( "OC_User", "post_login", array( "uid" => $uid, 'password'=>$password )); OC_Hook::emit( "OC_User", "post_login", array( "uid" => $uid, 'password'=>$password ));
return true; return true;
@ -221,7 +222,8 @@ class OC_User {
*/ */
public static function logout(){ public static function logout(){
OC_Hook::emit( "OC_User", "logout", array()); OC_Hook::emit( "OC_User", "logout", array());
$_SESSION['user_id'] = false; session_unset();
session_destroy();
OC_User::unsetMagicInCookie(); OC_User::unsetMagicInCookie();
return true; return true;
} }
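Review bot: The `session_regenerate_id();` added in the login hunk (after `if($uid){`) leaves the old session data on the server, because the `delete_old_session` argument defaults to false; a session id that an attacker fixed before login therefore stays valid until garbage collection, which is the window this commit is meant to close. Pass the flag explicitly: `session_regenerate_id(true);`. The `login` body starts before and continues past its hunk. In the `logout` hunk, `session_unset();` and `session_destroy();` clear the server side only; the client keeps the session cookie and will present the same id on the next request, so logout should also expire that cookie by calling setcookie() with session_name() and the values from session_get_cookie_params(), as the session_destroy() documentation recommends.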