using pseudo-sessionid for ownCloud remote.php url too, as we otherwise generate lots of new sessions

This commit is contained in:
Ralf Becker 2012-10-25 12:51:28 +00:00
parent 084a5a5b93
commit 7a981eba15

View File

@ -783,7 +783,7 @@ class egw_session
// for WebDAV and GroupDAV we use a pseudo sessionid created from md5(user:passwd) // for WebDAV and GroupDAV we use a pseudo sessionid created from md5(user:passwd)
// --> allows this stateless protocolls which use basic auth to use sessions! // --> allows this stateless protocolls which use basic auth to use sessions!
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']) && if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']) &&
in_array(basename($_SERVER['SCRIPT_NAME']),array('webdav.php','groupdav.php'))) in_array(basename($_SERVER['SCRIPT_NAME']),array('webdav.php','groupdav.php','remote.php')))
{ {
// we generate a pseudo-sessionid from the basic auth credentials // we generate a pseudo-sessionid from the basic auth credentials
$sessionid = md5($_SERVER['PHP_AUTH_USER'].':'.$_SERVER['PHP_AUTH_PW'].':'.$_SERVER['HTTP_HOST'].':'. $sessionid = md5($_SERVER['PHP_AUTH_USER'].':'.$_SERVER['PHP_AUTH_PW'].':'.$_SERVER['HTTP_HOST'].':'.
@ -791,7 +791,7 @@ class egw_session
} }
// same for digest auth // same for digest auth
elseif (isset($_SERVER['PHP_AUTH_DIGEST']) && elseif (isset($_SERVER['PHP_AUTH_DIGEST']) &&
in_array(basename($_SERVER['SCRIPT_NAME']),array('webdav.php','groupdav.php'))) in_array(basename($_SERVER['SCRIPT_NAME']),array('webdav.php','groupdav.php','remote.php')))
{ {
// we generate a pseudo-sessionid from the digest username, realm and nounce // we generate a pseudo-sessionid from the digest username, realm and nounce
// can't use full $_SERVER['PHP_AUTH_DIGEST'], as it changes (contains eg. the url) // can't use full $_SERVER['PHP_AUTH_DIGEST'], as it changes (contains eg. the url)