Commit 040dc5ff authored by alexpott's avatar alexpott

Issue #2378699 by klausi, David_Rothstein, pwolanin: Port session hijacking...

Issue #2378699 by klausi, David_Rothstein, pwolanin: Port session hijacking fixes from SA-CORE-2014-006 to Drupal 8
parent 62ee12bb
......@@ -80,7 +80,7 @@ public function read($sid) {
// cookies (eg. web crawlers).
$insecure_session_name = $this->sessionManager->getInsecureName();
$cookies = $this->requestStack->getCurrentRequest()->cookies;
if (!$cookies->has($this->getName()) && !$cookies->has($insecure_session_name)) {
if (empty($sid) || (!$cookies->has($this->getName()) && !$cookies->has($insecure_session_name))) {
$user = new UserSession();
return '';
}
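Review bot: The new `empty($sid)` condition in read() is the security-relevant part of this change, but the comment above it still explains only the missing-cookie case (it ends with "cookies (eg. web crawlers)"). I would extend that comment with something like `// Also return an anonymous session for an empty session ID, so an empty value never reaches the session lookup (SA-CORE-2014-006).` so a later refactor does not drop the guard as redundant. PHP's `empty()` also treats the string `'0'` as empty; that fails safe here because the request simply gets an anonymous session, but it is worth knowing when reading the condition. The body of read() starts before and continues after this hunk, so the lookup that the guard protects is inferred from the commit title rather than from visible lines.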