Commit Graph

16 Commits

Author SHA1 Message Date
Lukas Reschke fec41e7539 Move regeneration of session ID into session classes
There were code paths that nowadays call ISession::login directly thus bypassing the desired regeneration of the session ID. This moves the session regeneration deeper into the session handling and thus ensures that it is always called. Furthermore, I also added the session regeneration to the remember me cookie plus added some test case expectations for this.
2016-01-04 15:09:01 +01:00
Lukas Reschke 5588c5f262 Delete cookie instead of emptying value
PHP will handle session cookies with an empty values as an E_WARNING error. ([php/#68063](https://bugs.php.net/bug.php?id=68063))

ownCloud sets the cookie to an empty value in case the session expires, it however after this starts a new session. Due to potential race conditions this can in unlikely cases lead to the fact that the session never gets restarted and the user is left with an empty cookie. PHP tries then to use the empty cookie which makes the instance not usable.

To work around any race condition we now tell PHP to explicitly delete the value which can be done by using `null` as value, PHP will then send a cookie with the value "deleted". Also theepiration has been set to -1.
2015-10-19 19:54:12 +02:00
Morris Jobke b945d71384 update licence headers via script 2015-10-05 21:15:52 +02:00
Phil Davis 7940a3fb65 Session closed exception wording
and a small comment typo
2015-09-29 12:17:47 +05:45
Lukas Reschke 0b91087489 Write to session in batch at the end of the request 2015-09-09 12:48:37 +02:00
Jenkins for ownCloud b585d87d9d Update license headers 2015-03-26 11:44:36 +01:00
Thomas Müller 843fef0490 Handle session initialization errors and display error page - fixes #15053 2015-03-20 12:21:03 +01:00
Morris Jobke 06aef4e8b1 Revert "Updating license headers"
This reverts commit 6a1a4880f0.
2015-02-26 11:37:37 +01:00
Jenkins for ownCloud 6a1a4880f0 Updating license headers 2015-02-23 12:13:59 +01:00
cetra3 6b24aa5224 Refactor internal session to write directly to $_SESSION 2014-08-30 08:48:13 +00:00
Thomas Müller effea790c7 redefine reopen() in class \OC\Session\Internal to avoid accidental calls in productive code 2014-03-18 11:44:22 +01:00
Thomas Müller a074adb2af fix close() implementation in \OC\Session\Internal 2014-03-10 15:36:20 +01:00
Thomas Müller 73a1ece753 adding an explicit close method to class session - write operations (set and remove) being called after close() will throw an exception 2014-03-10 14:21:12 +01:00
Robin Appelman 5c7a08aab4 check if a $_SESSION entry exists before we try to remove it 2013-12-11 12:59:48 +01:00
Robin Appelman a36bf5c2b5 preserve 3rd party values in in the Session destructor 2013-12-09 12:38:27 +01:00
Thomas Müller 9c9dc276b7 move the private namespace OC into lib/private - OCP will stay in lib/public
Conflicts:
	lib/private/vcategories.php
2013-09-30 16:36:59 +02:00