More security in handler in-memory session

6f3bdfd9 · Yadd · 23b79199 · 6f3bdfd9
Commit 6f3bdfd9 authored Dec 30, 2019 by Yadd
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 8 deletions

lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm +7 -8

No files found.
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm
@@ -481,6 +481,9 @@ sub retrieveSession {
        $class->logger->debug("Get session $id from Handler internal cache");
        return $class->data;
    }
+    else {
+        $class->data( {} );
+    }

    # 2. Get the session from cache or backend
    my $session = $req->data->{session} = (
@@ -763,15 +766,11 @@ sub abort {
 sub localUnlog {
    my ( $class, $req, $id ) = @_;
    $class->logger->debug('Local handler logout');
-    if ( $id //= $class->fetchId($req) ) {

-        # Delete thread data
-        if (    $class->data->{_session_id}
-            and $id eq $class->data->{_session_id} )
-        {
-            $class->data( {} );
-        }
-        delete $req->data->{session};
+    # Delete thread data
+    delete $req->data->{session};
+    $class->data( {} );
+    if ( $id //= $class->fetchId($req) ) {

        # Delete local cache
        if (    $class->tsv->{refLocalStorage}