|
|
|
|
@ -387,17 +387,18 @@ class OC { |
|
|
|
|
// prevents javascript from accessing php session cookies |
|
|
|
|
ini_set('session.cookie_httponly', 'true'); |
|
|
|
|
|
|
|
|
|
// set the cookie path to the Nextcloud directory |
|
|
|
|
$cookie_path = OC::$WEBROOT ? : '/'; |
|
|
|
|
ini_set('session.cookie_path', $cookie_path); |
|
|
|
|
|
|
|
|
|
// Do not initialize sessions for 'status.php' requests |
|
|
|
|
// Monitoring endpoints can quickly flood session handlers |
|
|
|
|
// and 'status.php' doesn't require sessions anyway |
|
|
|
|
// We still need to run the ini_set above so that same-site cookies use the correct configuration. |
|
|
|
|
if (str_ends_with($request->getScriptName(), '/status.php')) { |
|
|
|
|
return; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// set the cookie path to the Nextcloud directory |
|
|
|
|
$cookie_path = OC::$WEBROOT ? : '/'; |
|
|
|
|
ini_set('session.cookie_path', $cookie_path); |
|
|
|
|
|
|
|
|
|
// Let the session name be changed in the initSession Hook |
|
|
|
|
$sessionName = OC_Util::getInstanceId(); |
|
|
|
|
|
|
|
|
|
|
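Review bot: The comment in front of the `status.php` early return says "the ini_set above" without naming the setting, although two `ini_set` calls precede it (`session.cookie_httponly` and `session.cookie_path`). The ordering is what keeps the cookie path applied on requests that skip session setup, so I would tie the comment to the setting, e.g. `// session.cookie_path must be set before this return: the same-site cookies sent for status.php are scoped with it`. If a later tidy-up moved the path setup back below the return, those cookies would presumably fall back to PHP's default path `/` and be scoped to the whole host instead of the Nextcloud directory. The page lost its +/- markers, so I am inferring from the comment that the `$cookie_path` lines before the return are the new side. The enclosing method starts and ends outside the hunk.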