summaryrefslogtreecommitdiff
path: root/includes/loggedin.php
diff options
context:
space:
mode:
authorBenny Baumann <BenBE@geshi.org>2013-06-25 23:05:18 +0200
committerBenny Baumann <BenBE@geshi.org>2013-06-25 23:05:18 +0200
commitddfa705d6f3931cfac61360d20c5d530dca26398 (patch)
treedf160cf3498785b4b3fdafde8f6d7f5a2e6b4efe /includes/loggedin.php
parent64eabd527666a70b66f28bfb55c831c70e85f8a1 (diff)
downloadcacert-devel-ddfa705d6f3931cfac61360d20c5d530dca26398.tar.gz
cacert-devel-ddfa705d6f3931cfac61360d20c5d530dca26398.tar.xz
cacert-devel-ddfa705d6f3931cfac61360d20c5d530dca26398.zip
bug 1176: Avoid unsetting the CSRF Hashes from the session when doing cert login
Diffstat (limited to 'includes/loggedin.php')
-rw-r--r--includes/loggedin.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/includes/loggedin.php b/includes/loggedin.php
index f4548a5..4fd9b49 100644
--- a/includes/loggedin.php
+++ b/includes/loggedin.php
@@ -27,7 +27,7 @@
$_SESSION['profile'] = "";
foreach($_SESSION as $key => $value)
{
- if($key == '_config' || $key == 'mconn')
+ if($key == '_config' || $key == 'mconn' || 'csrf_' = substr($key, 0, 5))
continue;
if(is_int($key) || is_string($key))
unset($_SESSION[$key]);
@@ -53,7 +53,7 @@
$_SESSION['profile'] = "";
foreach($_SESSION as $key => $value)
{
- if($key == '_config' || $key == 'mconn')
+ if($key == '_config' || $key == 'mconn' || 'csrf_' = substr($key, 0, 5))
continue;
if(is_int($key) || is_string($key))
unset($_SESSION[$key]);
@@ -72,7 +72,7 @@
$_SESSION['profile'] = "";
foreach($_SESSION as $key => $value)
{
- if($key == '_config' || $key == 'mconn')
+ if($key == '_config' || $key == 'mconn' || 'csrf_' = substr($key, 0, 5))
continue;
unset($_SESSION[$key]);
unset($$key);