Diffstat (limited to 'app/Core/Security')
-rw-r--r--app/Core/Security/AuthenticationManager.php2
-rw-r--r--app/Core/Security/Token.php12
2 files changed, 8 insertions, 6 deletions
diff --git a/app/Core/Security/AuthenticationManager.php b/app/Core/Security/AuthenticationManager.php
index b1ba76cf..e7a3c8d4 100644
--- a/app/Core/Security/AuthenticationManager.php
+++ b/app/Core/Security/AuthenticationManager.php
@@ -72,7 +72,7 @@ class AuthenticationManager extends Base
foreach ($this->filterProviders('SessionCheckProviderInterface') as $provider) {
if (! $provider->isValidSession()) {
$this->logger->debug('Invalidate session for '.$this->userSession->getUsername());
- $this->sessionStorage->flush();
+ session_flush();
$this->preAuthentication();
return false;
}
diff --git a/app/Core/Security/Token.php b/app/Core/Security/Token.php
index cbd784a8..9b0c5769 100644
--- a/app/Core/Security/Token.php
+++ b/app/Core/Security/Token.php
@@ -32,12 +32,12 @@ class Token extends Base
*/
public function getCSRFToken()
{
- if (! isset($this->sessionStorage->csrf)) {
- $this->sessionStorage->csrf = array();
+ if (! session_exists('csrf')) {
+ session_set('csrf', []);
}
$nonce = self::getToken();
- $this->sessionStorage->csrf[$nonce] = true;
+ session_merge('csrf', [$nonce => true]);
return $nonce;
}
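Review bot: The `csrf` session map grows without bound in getCSRFToken(): each call merges a new nonce via `session_merge('csrf', [$nonce => true])`, and the only removal visible in this diff is the `unset` in validateCSRFToken(). Tokens for forms that are rendered but never submitted therefore stay valid for as long as the session lives, which enlarges both the session payload and the set of accepted tokens. A cap applied right after the merge would bound this, for example `session_set('csrf', array_slice(session_get('csrf'), -$limit, null, true));` with `$limit` being a project-chosen maximum (placeholder, not defined on this page). The method's docblock starts outside the hunk; it should state that tokens are single-use and how many are kept.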
@@ -51,8 +51,10 @@ class Token extends Base
*/
public function validateCSRFToken($token)
{
- if (isset($this->sessionStorage->csrf[$token])) {
- unset($this->sessionStorage->csrf[$token]);
+ $tokens = session_get('csrf');
+ if (isset($tokens[$token])) {
+ unset($tokens[$token]);
+ session_set('csrf', $tokens);
return true;
}
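Review bot: In validateCSRFToken(), neither `$token` nor the value returned by `session_get('csrf')` is type-checked before `isset($tokens[$token])`. If callers pass the raw request value (not visible here), an array-valued parameter reaches `isset()` as an illegal offset, which on PHP 8 throws a TypeError instead of simply failing validation. I would guard the lookup with `if (is_string($token) && is_array($tokens) && isset($tokens[$token])) {` so malformed input takes the normal rejection path. The read-modify-write of `$tokens` also relies on the session being locked for the request so that a token cannot be consumed twice; a short comment saying so would help. The rest of the method, including the failure return, lies outside the hunk.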