Skip to content

Remove potential mismatching dav session data during login #35318

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 22, 2022
Merged

Remove potential mismatching dav session data during login #35318

merged 1 commit into from
Nov 22, 2022

Conversation

@juliusknorr
Copy link
Member

@juliusknorr juliusknorr commented Nov 22, 2022
edited
Loading

This PR will make sure that whenever a session is being reused during login we properly clean up the dav session data which is only required to prioritise basic auth over the session login on WebDAV. (ref owncloud/core#13245)

We can safely reset this if the session id is being regenerated during login.

The issue never occurred in the wild as far as I can see but was just a side effect of the cypress tests in viewer that reused the cookie jar that was used for userA webdav requests to run a login and e2e test for userB.

See #34934 (comment) for more technical insights.

@juliusknorr
Remove potential mismatching dav session data during login
de3099b 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
@juliusknorr juliusknorr mentioned this pull request Nov 22, 2022
Merged
@juliusknorr juliusknorr requested review from a team, ArtificialOwl, PVince81, blizzz, icewind1991 and skjnldsv and removed request for a team November 22, 2022 07:51
@juliusknorr juliusknorr added bug 3. to review Waiting for reviews labels Nov 22, 2022
@juliusknorr juliusknorr added this to the Nextcloud 26 milestone Nov 22, 2022
PVince81
PVince81 approved these changes Nov 22, 2022
View reviewed changes
Copy link
Member

@PVince81 PVince81 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 makes sense

@skjnldsv
Copy link
Member

Do we have a list of all those fancy session constants?

@skjnldsv skjnldsv merged commit 7f6e22c into master Nov 22, 2022
@skjnldsv skjnldsv deleted the bugfix/noid/avoid-conflicting-session-data branch November 22, 2022 09:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@PVince81 PVince81 PVince81 approved these changes

@skjnldsv skjnldsv skjnldsv approved these changes

@ArtificialOwl ArtificialOwl Awaiting requested review from ArtificialOwl

@icewind1991 icewind1991 Awaiting requested review from icewind1991

@blizzz blizzz Awaiting requested review from blizzz

Assignees

No one assigned

Labels

3. to review Waiting for reviews bug

Projects

None yet

Milestone

Nextcloud 26

Development

Successfully merging this pull request may close these issues.

4 participants

@juliusknorr @skjnldsv @PVince81