diff options
author | Roeland Jago Douma <roeland@famdouma.nl> | 2020-09-05 11:52:02 +0300 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2020-09-05 11:55:09 +0300 |
commit | 57ab100044d54b7198857add981c643deda54822 (patch) | |
tree | 80c5d8702a5a208fa7c7336374f42d561b7e02dd | |
parent | 44d7dacaaba9136d64930c26008199d597a605eb (diff) |
Harden check when using token from memcache
Explicitly comparing never hurt anybody.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
-rw-r--r-- | lib/Service/SessionService.php | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/Service/SessionService.php b/lib/Service/SessionService.php index d02d2ad0b..16d1fcabb 100644 --- a/lib/Service/SessionService.php +++ b/lib/Service/SessionService.php @@ -152,7 +152,14 @@ class SessionService { $data = $this->cache->get($token); if ($data !== null) { - return Session::fromRow(json_decode($data, true)); + $session = Session::fromRow(json_decode($data, true)); + if ($session->getId() !== $sessionId || $session->getDocumentId() !== $documentId) { + $this->cache->remove($token); + $this->session = false; + return false; + } + + return $session; } try { |