/**
 * Configure the PHP session cookie, build the session object, and apply
 * the periodic ID rotation and idle-timeout rules.
 *
 * Steps, in order:
 *  1. Mark the session cookie HttpOnly and scope it to the web root.
 *  2. Let 'initSession' hook listeners supply a custom session; otherwise
 *     create an internal session named after the instance id.
 *  3. Wrap the session with the session crypto wrapper and register it
 *     on the server container.
 *  4. Regenerate the session id once half the session lifetime has passed.
 *  5. Tear the session down after a full lifetime without activity.
 *
 * NOTE(review): only HttpOnly and the cookie path are set here. The Secure
 * attribute is not set in this method; confirm it is enforced elsewhere
 * for HTTPS deployments.
 */
public static function initSession() {
	// HttpOnly keeps client-side script from reading the session cookie.
	ini_set('session.cookie_httponly', true);

	// Scope the cookie to the installation's web root, falling back to '/'.
	$cookiePath = OC::$WEBROOT;
	if (!$cookiePath) {
		$cookiePath = '/';
	}
	ini_set('session.cookie_path', $cookiePath);

	// Default session name; hook listeners may overwrite it by reference.
	$sessionName = OC_Util::getInstanceId();

	try {
		// Listeners receive these three values by reference and can swap in
		// their own session object by setting useCustomSession.
		$useCustomSession = false;
		$session = self::$server->getSession();
		OC_Hook::emit(
			'OC',
			'initSession',
			array(
				'session' => &$session,
				'sessionName' => &$sessionName,
				'useCustomSession' => &$useCustomSession,
			)
		);

		if (!$useCustomSession) {
			// No listener took over: use the built-in session, named after
			// the instance id.
			$session = new \OC\Session\Internal($sessionName);
		}

		// Wrap whichever session was chosen before publishing it.
		$session = \OC::$server->getSessionCryptoWrapper()->wrapSession($session);
		self::$server->setSession($session);
	} catch (Exception $e) {
		// The session could not be set up: log it and answer with HTTP 500.
		\OCP\Util::logException('base', $e);
		OC_Response::setStatus(OC_Response::STATUS_INTERNAL_SERVER_ERROR);
		// NOTE(review): the code below still runs unless
		// printExceptionErrorPage() ends the request - confirm. Also confirm
		// the page does not disclose exception details to untrusted clients.
		OC_Template::printExceptionErrorPage($e);
	}

	$lifetime = self::getSessionLifeTime();

	/**
	 * @var \OCP\ISession $session
	 */
	$session = self::$server->getSession();

	// Rotate the session id periodically to limit session fixation.
	if ($session->exists('SID_CREATED')) {
		if (time() - $session->get('SID_CREATED') > $lifetime / 2) {
			// true: the data stored under the old id is deleted as well.
			session_regenerate_id(true);
			$session->set('SID_CREATED', time());
		}
	} else {
		// First time this session is seen: record when its id was issued.
		$session->set('SID_CREATED', time());
	}

	// Idle timeout: more than one full lifetime since the last activity.
	$timedOut = $session->exists('LAST_ACTIVITY')
		&& time() - $session->get('LAST_ACTIVITY') > $lifetime;
	if ($timedOut) {
		$name = session_name();
		if (isset($_COOKIE[$name])) {
			// An expiry in the past tells the browser to drop the cookie.
			setcookie($name, '', time() - 42000, $cookiePath);
		}
		// NOTE(review): $session was fetched before this destroy/start cycle.
		// Confirm the wrapper does not carry pre-timeout values into the
		// restarted session, and whether that session should get a new id.
		session_unset();
		session_destroy();
		session_start();
	}

	$session->set('LAST_ACTIVITY', time());
}