wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
43496 commits 157 branches 562 tags 714 MiB
Commit graph

10 commits

Author SHA1 Message Date
Roeland Jago Douma
8cb6bb3987
Make ISession strict 
* Make all implementations strict
* Add scalar types

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-02-26 22:20:21 +01:00
Morris Jobke
fe0dbe7fb7
Fix type in CryptoSessionData 
Found while adding strict typing for PHP7+.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-01-12 22:41:03 +01:00
Morris Jobke
0eebff152a
Update license headers 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-11-06 16:56:19 +01:00
Victor Dubiniuk
131df248ef
Catch session already closed exception in destructor 2017-04-25 16:28:52 +02:00
Roeland Jago Douma
bb94b39745
Do not clear CSRF token on logout (fix for #1303) 
This is a hacky way to allow the use case of #1303.

What happens is

1. User tries to login
2. PreLoginHook kicks in and figures out that the user need to change
their LDAP password or whatever => redirects user
3. While loading the redirect some logic of ours kicks in and logouts
the user (thus clearing the session).
4. We render the new page but now the session and the page disagree
about the CSRF token

This is kind of hacky but I don't think it introduces new attack
vectors.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-03-13 22:16:56 +01:00
Joas Schilling
ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Lukas Reschke
aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Christoph Wurst
e93bf80b29
throw SessionNotAvailableException if session_id returns empty string 2016-04-26 14:51:21 +02:00
Christoph Wurst
0d53e86421
add ISession::getId() wrapper for session_id 2016-04-25 10:36:24 +02:00
Roeland Jago Douma
e2c36c2903
Move \OC\Session to PSR-4 2016-04-15 07:46:19 +02:00
Renamed from lib/private/session/cryptosessiondata.php (Browse further)