Harden check when using token from memcache
Explicitly comparing never hurt anybody.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
rullzer committed Sep 5, 2020
1 parent 44d7dac commit 57ab100
Showing 1 changed file with 8 additions and 1 deletion.
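--- a/lib/Service/SessionService.php
+++ b/lib/Service/SessionService.php
@@ -152,7 +152,14 @@ public function getSession($documentId, $sessionId, $token) {
 
 $data = $this->cache->get($token);
 if ($data !== null) {
-return Session::fromRow(json_decode($data, true));
+$session = Session::fromRow(json_decode($data, true));
+if ($session->getId() !== $sessionId || $session->getDocumentId() !== $documentId) {
+$this->cache->remove($token);
+$this->session = false;
+return false;
+}
+
+return $session;
 }
 
 try {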
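Review bot: The new strict `!==` comparison in the cache-hit branch only works if `$sessionId` and `$documentId` have exactly the same type as the values `Session::fromRow()` produces, and `getSession()` declares no parameter types. If a caller passes the ids as request strings while the entity holds integers (not visible here, so worth confirming), every cache hit would count as a mismatch: the entry is evicted and a valid session is rejected with `false` instead of falling through to the database lookup below. Normalising at the top of the method, e.g. `$sessionId = (int)$sessionId; $documentId = (int)$documentId;` if both are integer ids, keeps the check strict without that failure mode. Separately, `json_decode($data, true)` returns `null` for a corrupt cache entry and that value goes straight into `Session::fromRow()`; treating a non-array decode result as a cache miss would be safer. The body of `getSession()` starts and ends outside this hunk.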
