Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(session): Do not log fresh/empty session as error #41318

Merged
merged 1 commit into from
Nov 10, 2023
Merged

fix(session): Do not log fresh/empty session as error #41318

merged 1 commit into from
Nov 10, 2023

Conversation

ChristophWurst
Copy link
Member

@ChristophWurst ChristophWurst commented Nov 7, 2023
edited
Loading

This regression was introduced with #40879.

Summary

An empty session can't be decrypted. We can safely ignore this condition and only log if a value is set and that value can't be decrypted.

How to test

  1. Open Nextcloud
  2. Restart the webserver to flush session data
  3. Reload the Nextcloud page

Master: error is logged because the session file is empty.
Here: no error is logged.

Checklist

@ChristophWurst ChristophWurst added 3. to review Waiting for reviews regression labels Nov 7, 2023
@ChristophWurst ChristophWurst self-assigned this Nov 7, 2023
@ChristophWurst ChristophWurst mentioned this pull request Nov 7, 2023
Merged
1 task
ChristophWurst
ChristophWurst commented Nov 7, 2023
View reviewed changes
lib/private/Session/CryptoSessionData.php
'exception' => $e,
]);
if ($encryptedSessionData === '') {
// Nothing to decrypt
$this->sessionValues = [];
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What I'm not entirely sure about is whether we need to regenerate the session ID here. But it seems useless if the session we currently have is empty anyway. Regenerating will more likely cause race conditions.

@solracsf solracsf added this to the Nextcloud 28 milestone Nov 10, 2023
This was referenced Nov 10, 2023
Merged
Merged
@ChristophWurst ChristophWurst merged commit 78d5ec4 into master Nov 10, 2023
50 checks passed
@ChristophWurst ChristophWurst deleted the fix/session/empty-session-error-logging branch November 10, 2023 17:55
@ChristophWurst ChristophWurst mentioned this pull request Dec 27, 2023
Open
9 tasks
@ChristophWurst ChristophWurst mentioned this pull request Mar 20, 2024
Open
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nickvergessen nickvergessen nickvergessen approved these changes

@AndyScherzinger AndyScherzinger AndyScherzinger approved these changes

@rullzer rullzer Awaiting requested review from rullzer

@dartcafe dartcafe Awaiting requested review from dartcafe

Assignees

@ChristophWurst ChristophWurst

Labels
3. to review Waiting for reviews regression
Projects
None yet
Milestone
Nextcloud 28
Development

Successfully merging this pull request may close these issues.

[Bug]: 28.0.0-beta1 - "Could not decrypt or decode encrypted session data"
4 participants
@ChristophWurst @nickvergessen @AndyScherzinger @solracsf