From 2cd92d0abbeffd1817c87522f9b633b14e60181a Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Fri, 28 Oct 2016 11:29:02 +0200
Subject: [PATCH] Fix missing update of session, when it was already used.

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 lib/private/Security/CSRF/TokenStorage/SessionStorage.php | 7 +++++++
 lib/private/Server.php                                    | 7 +++++--
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/lib/private/Security/CSRF/TokenStorage/SessionStorage.php b/lib/private/Security/CSRF/TokenStorage/SessionStorage.php
index cf4cdfa5036..9d2e723a6d3 100644
--- a/lib/private/Security/CSRF/TokenStorage/SessionStorage.php
+++ b/lib/private/Security/CSRF/TokenStorage/SessionStorage.php
@@ -40,6 +40,13 @@ class SessionStorage {
 		$this->session = $session;
 	}
 
+	/**
+	 * @param ISession $session
+	 */
+	public function setSession(ISession $session) {
+		$this->session = $session;
+	}
+
 	/**
 	 * Returns the current token or throws an exception if none is found.
 	 *
diff --git a/lib/private/Server.php b/lib/private/Server.php
index 6f25098eb35..dca50c15733 100644
--- a/lib/private/Server.php
+++ b/lib/private/Server.php
@@ -710,13 +710,15 @@ class Server extends ServerContainer implements IServerContainer {
 		});
 		$this->registerService('CsrfTokenManager', function (Server $c) {
 			$tokenGenerator = new CsrfTokenGenerator($c->getSecureRandom());
-			$sessionStorage = new SessionStorage($c->getSession());
 
 			return new CsrfTokenManager(
 				$tokenGenerator,
-				$sessionStorage
+				$c->query(SessionStorage::class)
 			);
 		});
+		$this->registerService(SessionStorage::class, function (Server $c) {
+			return new SessionStorage($c->getSession());
+		});
 		$this->registerService('ContentSecurityPolicyManager', function (Server $c) {
 			return new ContentSecurityPolicyManager();
 		});
@@ -945,6 +947,7 @@ class Server extends ServerContainer implements IServerContainer {
 	 * @param \OCP\ISession $session
 	 */
 	public function setSession(\OCP\ISession $session) {
+		$this->query(SessionStorage::class)->setSession($session);
 		return $this->query('UserSession')->setSession($session);
 	}
 
-- 
GitLab