daenamnu/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2026-05-21 02:40:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

aio-interface: preserve login session across container restarts after cookie name change (#7964)

Browse Source
This commit is contained in:
Simon L.
2026-04-20 13:23:38 +02:00
committed by GitHub
parent e1ae6444e5 e378f7faca
commit c428bc3b71
2 changed files with 19 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
php/public/index.php
View File

@@ -37,6 +37,20 @@ $container->set(Guard::class, function () use ($responseFactory) {
});
// Register Middleware To Be Executed On All Routes
// Migrate from the old PHPSESSID cookie to the new __Host-Http-PHPSESSID cookie.
// This is needed because the session cookie was renamed in a previous release. Without this,
// users that were logged in before the update would be logged out after the container restarts.
$wasAuthenticated = false;
if (!isset($_COOKIE['__Host-Http-PHPSESSID']) && isset($_COOKIE['PHPSESSID'])) {
session_name('PHPSESSID');
if (session_start(['save_path' => $dataConst->GetSessionDirectory(), 'use_strict_mode' => true])) {
$wasAuthenticated = isset($_SESSION[\AIO\Auth\AuthManager::SESSION_KEY]) && $_SESSION[\AIO\Auth\AuthManager::SESSION_KEY] === true;
session_unset();
session_destroy();
}
}
session_start([
"name" => "__Host-Http-PHPSESSID", // Set cookie prefix to prevent other pages from overwriting this cookie. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#cookie_prefixes
"save_path" => $dataConst->GetSessionDirectory(), // Where to save the session files
@@ -49,6 +63,10 @@ session_start([
"cookie_httponly" => true, // Block the cookie from being read with js in the browser, will still be send for fetch request triggered by js. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#httponly
"cookie_samesite" => "Strict", // Only send the cookie with requests triggered by AIO itself. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#samesitesamesite-value
]);
if ($wasAuthenticated) {
$container->get(\AIO\Auth\AuthManager::class)->SetAuthState(true);
}
$app->add(Guard::class);
// Create Twig

2
php/src/Auth/AuthManager.php
View File

@@ -8,7 +8,7 @@ use AIO\Data\DataConst;
use \DateTime;
readonly class AuthManager {
private const string SESSION_KEY = 'aio_authenticated';
public const string SESSION_KEY = 'aio_authenticated';
public function __construct(
private ConfigurationManager $configurationManager