Regenerate CSRF token upon login

Otherwise somebody else might be able to note down the CSRF token before login on a shared computer.
2016-01-25 17:15:28 +01:00 · 2016-01-25 17:15:28 +01:00 · 12b22c2759
parent a977465af5
commit 12b22c2759
1 changed files with 2 additions and 0 deletions
--- a/lib/private/user.php
+++ b/lib/private/user.php
@ -162,6 +162,8 @@ class OC_User {
 	public static function login($loginname, $password) {
 		$result = self::getUserSession()->login($loginname, $password);
 		if ($result) {
+			// Refresh the token
+			\OC::$server->getCsrfTokenManager()->refreshToken();
 			//we need to pass the user name, which may differ from login name
 			$user = self::getUserSession()->getUser()->getUID();
 			OC_Util::setupFS($user);