wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove code related to session regeneration after some time

Browse source 
I do not really consider this necessary or a real security addition. Let's get rid of it thus, cleans up the code and makes the logic easier.
This commit is contained in:
Lukas Reschke 2016-01-09 23:56:28 +01:00 committed by Morris Jobke
parent 21a700bcf7
commit 74876fa6e7
1 changed files with 1 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
lib/base.php
View file

@ -431,20 +431,10 @@ class OC {
//show the user a detailed error page
OC_Response::setStatus(OC_Response::STATUS_INTERNAL_SERVER_ERROR);
OC_Template::printExceptionErrorPage($e);
die();
}
$sessionLifeTime = self::getSessionLifeTime();
// regenerate session id periodically to avoid session fixation
/**
* @var \OCP\ISession $session
*/
$session = self::$server->getSession();
if (!$session->exists('SID_CREATED')) {
$session->set('SID_CREATED', time());
} else if (time() - $session->get('SID_CREATED') > $sessionLifeTime / 2) {
$session->regenerateId();
$session->set('SID_CREATED', time());
}
// session timeout
if ($session->exists('LAST_ACTIVITY') && (time() - $session->get('LAST_ACTIVITY') > $sessionLifeTime)) {