diff options
| author | Roeland Jago Douma <roeland@famdouma.nl> | 2020-09-05 11:52:02 +0300 |
|---|---|---|
| committer | backportbot[bot] <backportbot[bot]@users.noreply.github.com> | 2020-09-07 08:37:09 +0300 |
| commit | eb82bb030d47f42b74eeb1f64eecf7bb156725d4 (patch) | |
| tree | b160caa5d7121def117bb4ffe170839c03b20ce5 | |
| parent | 7a24fa7098a89f5f8a957b46281b2ffb83a5901b (diff) | |
Harden check when using token from memcache
Explicitly comparing never hurt anybody.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
| -rw-r--r-- | lib/Service/SessionService.php | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/Service/SessionService.php b/lib/Service/SessionService.php index d02d2ad0b..16d1fcabb 100644 --- a/lib/Service/SessionService.php +++ b/lib/Service/SessionService.php @@ -152,7 +152,14 @@ class SessionService { $data = $this->cache->get($token); if ($data !== null) { - return Session::fromRow(json_decode($data, true)); + $session = Session::fromRow(json_decode($data, true)); + if ($session->getId() !== $sessionId || $session->getDocumentId() !== $documentId) { + $this->cache->remove($token); + $this->session = false; + return false; + } + + return $session; } try { |