From b86f2069ff1f434373c0babe0c28db5ee431498e Mon Sep 17 00:00:00 2001
From: Florian Preinstorfer <nblock@archlinux.us>
Date: Tue, 13 Mar 2012 16:00:53 +0100
Subject: [PATCH] Fix a session fixation vulnerability

- regenerate the session ID on every successful login
- properly destroy the session (data and ID) on logout

Further information can be found on:
https://en.wikipedia.org/wiki/session_fixation
---
 lib/user.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/user.php b/lib/user.php
index fda19a3315..8c27ec30cc 100644
--- a/lib/user.php
+++ b/lib/user.php
@@ -186,7 +186,7 @@ class OC_User {
 	 * @param $password The password of the user
 	 * @returns true/false
 	 *
-	 * Log in a user - if the password is ok
+	 * Log in a user and regenerate a new session - if the password is ok
 	 */
 	public static function login( $uid, $password ){
 		$run = true;
@@ -195,6 +195,7 @@ class OC_User {
 		if( $run ){
 			$uid=self::checkPassword( $uid, $password );
 			if($uid){
+				session_regenerate_id();
 				self::setUserId($uid);
 				OC_Hook::emit( "OC_User", "post_login", array( "uid" => $uid, 'password'=>$password ));
 				return true;
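Review bot: `session_regenerate_id()` on the added line is called without the `delete_old_session` argument, so the session record bound to the pre-login ID (the one an attacker would have fixed) stays in the session store until garbage collection; `session_regenerate_id(true)` discards it immediately. Its return value is also ignored: it returns `false` (with a warning) when no session is active, and the login then proceeds on the old ID without any signal, so a guard such as `if (!session_regenerate_id(true)) { return false; }` would make that failure visible. Whether the session has already been started before `login()` runs is presumably handled elsewhere and cannot be confirmed from this hunk. The `login` method continues past the end of the hunk.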
@@ -221,7 +222,8 @@ class OC_User {
 	 */
 	public static function logout(){
 		OC_Hook::emit( "OC_User", "logout", array());
-		$_SESSION['user_id'] = false;
+		session_unset();
+		session_destroy();
 		OC_User::unsetMagicInCookie();
 		return true;
 	}
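Review bot: `session_destroy()` on the new side drops the server-side session data but leaves the session cookie in the browser, so the client keeps presenting the old session ID, and PHP will, unless strict session-ID mode is enabled, accept that ID again for a fresh session on the next request, which keeps alive exactly the kind of attacker-known ID this commit sets out to retire. As the PHP manual recommends, expire the cookie before returning: `$p = session_get_cookie_params();` followed by `setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);`. The return value of `session_destroy()` is also discarded; it is `false` when no session is active, so the method's unconditional `return true` can report a logout that did nothing.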
-- 
GitLab