Merge pull request #24554 from nextcloud/backport/24550/stable19

rullzer · web-flow · commit 8a93263b867d · 2020-12-04T16:09:40.000+01:00
[stable19] Generate a new session id if the decrypting the session data fails
diff --git a/lib/private/Session/CryptoSessionData.php b/lib/private/Session/CryptoSessionData.php
@@ -87,6 +87,7 @@ protected function initializeSession() {
 			);
 		} catch (\Exception $e) {
 			$this->sessionValues = [];
+			$this->regenerateId(true, false);
 		}
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -87,6 +87,7 @@ protected function initializeSession() {`
`87`	`87`	`);`
`88`	`88`	`} catch (\Exception $e) {`
`89`	`89`	`$this->sessionValues = [];`
	`90`	`+ $this->regenerateId(true, false);`
`90`	`91`	`}`
`91`	`92`	`}`
`92`	`93`