From a6761d76ea5d8103fffd6eabd6e402f528ffcb2f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julius=20H=C3=A4rtl?= <jus@bitgrid.net>
Date: Sat, 10 Dec 2022 13:37:53 +0100
Subject: [PATCH] fix: Make sure to reopen session before cleaning
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Otherwise restoring the requesttoken would reopen and read the existing
session data and restore it instead of clearing

Signed-off-by: Julius Härtl <jus@bitgrid.net>
---
 lib/private/Session/CryptoSessionData.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/private/Session/CryptoSessionData.php b/lib/private/Session/CryptoSessionData.php
index df810d5b30c..1eb6987fc18 100644
--- a/lib/private/Session/CryptoSessionData.php
+++ b/lib/private/Session/CryptoSessionData.php
@@ -152,6 +152,7 @@ class CryptoSessionData implements \ArrayAccess, ISession {
 	 * Reset and recreate the session
 	 */
 	public function clear() {
+		$reopened = $this->reopen();
 		$requesttoken = $this->get('requesttoken');
 		$this->sessionValues = [];
 		if ($requesttoken !== null) {
@@ -159,6 +160,9 @@ class CryptoSessionData implements \ArrayAccess, ISession {
 		}
 		$this->isModified = true;
 		$this->session->clear();
+		if ($reopened) {
+			$this->close();
+		}
 	}
 
 	public function reopen(): bool {