Lukas Reschke
770c62c5d8
Clear session after logout
...
Fixes https://github.com/owncloud/core/issues/8420
2014-10-30 12:10:39 +01:00
Robin Appelman
912fbfab01
Unset the cached active user when using a different session object
2014-10-13 13:11:48 +02:00
Lukas Reschke
63a90a129b
Use proper RNG generator
...
OC_Util::generateRandomBytes() only returns lowercase alphanumeric values.
We should use the new RNG which has a broader characterset.
2014-09-03 17:46:48 +02:00
Jörn Friedrich Dreyer
f551917a3c
kill OC::$session
...
maintain deprecated \OC::$session when getting or setting the session via the server container or UserSession
restore order os OC::$session and OC::$CLI
remove unneded initialization of dummy session
write back session when $useCustomSession is true
log warning when deprecated app is used
2014-08-29 10:22:21 +02:00
Thomas Müller
a72dae6842
Merge pull request #10144 from owncloud/issue/9972
...
Issue/9972 Fix issues with group and username `0`
2014-08-06 09:53:13 +02:00
Joas Schilling
4865c52aa6
Fix isLoggedIn() check for user '0'
...
Fix #9972
2014-08-04 15:53:55 +02:00
Robin Appelman
20c1ce7f47
Add public interfaces for User, UserManager and UserSession
2014-07-14 15:10:51 +02:00
Arthur Schiwon
748a219243
add preRememberedLogin hook and document this and postRememberedLogin in class descripttion. Also fixes documentation of postLogin hook
2014-05-26 13:53:26 +02:00
Arthur Schiwon
2c89962919
clean up tryRememberLogin and save the timestamp of users last login
2014-05-21 18:03:37 +02:00
Robin McCorkell
bac8962bbc
Fix Scrutinizer errors
2014-05-13 19:08:14 +01:00
Lukas Reschke
f7fa8662e2
Remove `session_id_regenerate` from here
...
Jenkins somewhat complains that there are already sent headers.
2014-02-21 08:12:45 +01:00
Lukas Reschke
0241ddc759
Merge pull request #6519 from nhirokinet/master
...
Security Update: session fixation
2014-02-20 14:28:26 +01:00
Jörn Friedrich Dreyer
2a6a9a8cef
polish documentation based on scrutinizer patches
2014-02-06 17:02:21 +01:00
Thomas Müller
9b7c3a5c66
fixing PHPDoc and use cameCase names
2014-01-09 10:27:47 +01:00
NARUKAWA Hiroki
068688063e
Security Update: session fixation
...
Previous version is vulnerable to session fixation attack in some situations, guessing non-apache-module-php5 environment. Regeneration of session id should be done here.
2013-12-20 03:38:51 +09:00
Arthur Schiwon
91d6a6dd7c
On webdav sesssions, loginname was compared to username which does not need to match necessarily
2013-12-13 16:58:03 +01:00
Vincent Petry
013444813e
Now removing stray old cookies from 5.0.12
...
Cookies from 5.0.12 seemed to have an extra slash in the path.
Firefox doesn't allow to remove them if the trailing slash isn't
there,
thus making it impossible to logout correctly.
This fix adds extra code to delete such stray cookies.
Ported from stable5 branch 99e5c6f7eb
2013-11-07 18:49:50 +01:00
Thomas Müller
9c9dc276b7
move the private namespace OC into lib/private - OCP will stay in lib/public
...
Conflicts:
lib/private/vcategories.php
2013-09-30 16:36:59 +02:00