Headline
CVE-2022-37186: Improve session destroy propagation (#2758) (59c781b3) · Commits · LemonLDAP NG / lemonldap-ng · GitLab
In LemonLDAP::NG before 2.0.15. some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a session is manually removed before the time at which it would have been removed automatically.
Commit 59c781b3 authored Jul 28, 2022 by
Browse files
Improve session destroy propagation (#2758)
Pipeline #22152 passed with stage
in 9 minutes and 25 seconds
- Changes 2
- Pipelines 1
…
…
@@ -56,7 +56,7 @@ sub materialize {
# Get session from cache
my $id = $session->{data}->{_session_id};
if ( $self->cache->get($id) ) {
if ( !$self->{args}->{noCache} and $self->cache->get($id) ) {
$session->{serialized} = $self->cache->get($id);
return;
}
…
…
…
…
@@ -213,7 +213,8 @@ sub update {
return 0;
}
my $data = $self->_tie_session($tieOptions);
my $data = $self->_tie_session(
{ ( $tieOptions ? %$tieOptions : () ), noCache => 1 } );
if ($data) {
foreach ( keys %$infos ) {
…
…