Commit graph

17 commits

Author SHA1 Message Date
Thomas Müller
682821c71e Happy new year! 2016-01-12 15:02:18 +01:00
Lukas Reschke
fec41e7539 Move regeneration of session ID into session classes
There were code paths that nowadays call ISession::login directly thus bypassing the desired regeneration of the session ID. This moves the session regeneration deeper into the session handling and thus ensures that it is always called. Furthermore, I also added the session regeneration to the remember me cookie plus added some test case expectations for this.
2016-01-04 15:09:01 +01:00
Lukas Reschke
5588c5f262 Delete cookie instead of emptying value
PHP will handle session cookies with an empty values as an E_WARNING error. ([php/#68063](https://bugs.php.net/bug.php?id=68063))

ownCloud sets the cookie to an empty value in case the session expires, it however after this starts a new session. Due to potential race conditions this can in unlikely cases lead to the fact that the session never gets restarted and the user is left with an empty cookie. PHP tries then to use the empty cookie which makes the instance not usable.

To work around any race condition we now tell PHP to explicitly delete the value which can be done by using `null` as value, PHP will then send a cookie with the value "deleted". Also theepiration has been set to -1.
2015-10-19 19:54:12 +02:00
Morris Jobke
b945d71384 update licence headers via script 2015-10-05 21:15:52 +02:00
Phil Davis
7940a3fb65 Session closed exception wording
and a small comment typo
2015-09-29 12:17:47 +05:45
Lukas Reschke
0b91087489 Write to session in batch at the end of the request 2015-09-09 12:48:37 +02:00
Jenkins for ownCloud
b585d87d9d Update license headers 2015-03-26 11:44:36 +01:00
Thomas Müller
843fef0490 Handle session initialization errors and display error page - fixes #15053 2015-03-20 12:21:03 +01:00
Morris Jobke
06aef4e8b1 Revert "Updating license headers"
This reverts commit 6a1a4880f0.
2015-02-26 11:37:37 +01:00
Jenkins for ownCloud
6a1a4880f0 Updating license headers 2015-02-23 12:13:59 +01:00
cetra3
6b24aa5224 Refactor internal session to write directly to $_SESSION 2014-08-30 08:48:13 +00:00
Thomas Müller
effea790c7 redefine reopen() in class \OC\Session\Internal to avoid accidental calls in productive code 2014-03-18 11:44:22 +01:00
Thomas Müller
a074adb2af fix close() implementation in \OC\Session\Internal 2014-03-10 15:36:20 +01:00
Thomas Müller
73a1ece753 adding an explicit close method to class session - write operations (set and remove) being called after close() will throw an exception 2014-03-10 14:21:12 +01:00
Robin Appelman
5c7a08aab4 check if a $_SESSION entry exists before we try to remove it 2013-12-11 12:59:48 +01:00
Robin Appelman
a36bf5c2b5 preserve 3rd party values in in the Session destructor 2013-12-09 12:38:27 +01:00
Thomas Müller
9c9dc276b7 move the private namespace OC into lib/private - OCP will stay in lib/public
Conflicts:
	lib/private/vcategories.php
2013-09-30 16:36:59 +02:00
Renamed from lib/session/internal.php (Browse further)