Resetting the password should also invalidate the token login cookies

This commit is contained in:
Bart Visscher 2012-10-17 17:26:12 +02:00
parent 0a614429af
commit a8d0f84829
1 changed files with 1 additions and 0 deletions

View File

@ -67,6 +67,7 @@ class OC_Core_LostPassword_Controller {
if (isset($_POST['password'])) { if (isset($_POST['password'])) {
if (OC_User::setPassword($args['user'], $_POST['password'])) { if (OC_User::setPassword($args['user'], $_POST['password'])) {
OC_Preferences::deleteKey($args['user'], 'owncloud', 'lostpassword'); OC_Preferences::deleteKey($args['user'], 'owncloud', 'lostpassword');
OC_User::unsetMagicInCookie();
self::displayResetPasswordPage(true, $args); self::displayResetPasswordPage(true, $args);
} else { } else {
self::displayResetPasswordPage(false, $args); self::displayResetPasswordPage(false, $args);