Regenerate CSRF token upon login
Otherwise somebody else might be able to note down the CSRF token before login on a shared computer.
This commit is contained in:
parent
a977465af5
commit
12b22c2759
|
@ -162,6 +162,8 @@ class OC_User {
|
|||
public static function login($loginname, $password) {
|
||||
$result = self::getUserSession()->login($loginname, $password);
|
||||
if ($result) {
|
||||
// Refresh the token
|
||||
\OC::$server->getCsrfTokenManager()->refreshToken();
|
||||
//we need to pass the user name, which may differ from login name
|
||||
$user = self::getUserSession()->getUser()->getUID();
|
||||
OC_Util::setupFS($user);
|
||||
|
|
Loading…
Reference in New Issue