fix: Make sure to reopen session before cleaning

Otherwise restoring the requesttoken would reopen and read the existing
session data and restore it instead of clearing

Signed-off-by: Julius Härtl <jus@bitgrid.net>

Author: juliusknorr

lib/private/Session/CryptoSessionData.php

@@ -152,13 +152,17 @@ public function remove(string $key) {
 	 * Reset and recreate the session
 	 */
 	public function clear() {
+		$reopened = $this->reopen();
 		$requesttoken = $this->get('requesttoken');
 		$this->sessionValues = [];
 		if ($requesttoken !== null) {
 			$this->set('requesttoken', $requesttoken);
 		}
 		$this->isModified = true;
 		$this->session->clear();
+		if ($reopened) {
+			$this->close();
+		}
 	}
 
 	public function reopen(): bool {