diff options
author | Benny Baumann <BenBE@geshi.org> | 2013-06-25 23:05:18 +0200 |
---|---|---|
committer | Benny Baumann <BenBE@geshi.org> | 2013-06-25 23:05:18 +0200 |
commit | ddfa705d6f3931cfac61360d20c5d530dca26398 (patch) | |
tree | df160cf3498785b4b3fdafde8f6d7f5a2e6b4efe /includes/loggedin.php | |
parent | 64eabd527666a70b66f28bfb55c831c70e85f8a1 (diff) | |
download | cacert-devel-ddfa705d6f3931cfac61360d20c5d530dca26398.tar.gz cacert-devel-ddfa705d6f3931cfac61360d20c5d530dca26398.tar.xz cacert-devel-ddfa705d6f3931cfac61360d20c5d530dca26398.zip |
bug 1176: Avoid unsetting the CSRF Hashes from the session when doing cert login
Diffstat (limited to 'includes/loggedin.php')
-rw-r--r-- | includes/loggedin.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/includes/loggedin.php b/includes/loggedin.php index f4548a5..4fd9b49 100644 --- a/includes/loggedin.php +++ b/includes/loggedin.php @@ -27,7 +27,7 @@ $_SESSION['profile'] = ""; foreach($_SESSION as $key => $value) { - if($key == '_config' || $key == 'mconn') + if($key == '_config' || $key == 'mconn' || 'csrf_' = substr($key, 0, 5)) continue; if(is_int($key) || is_string($key)) unset($_SESSION[$key]); @@ -53,7 +53,7 @@ $_SESSION['profile'] = ""; foreach($_SESSION as $key => $value) { - if($key == '_config' || $key == 'mconn') + if($key == '_config' || $key == 'mconn' || 'csrf_' = substr($key, 0, 5)) continue; if(is_int($key) || is_string($key)) unset($_SESSION[$key]); @@ -72,7 +72,7 @@ $_SESSION['profile'] = ""; foreach($_SESSION as $key => $value) { - if($key == '_config' || $key == 'mconn') + if($key == '_config' || $key == 'mconn' || 'csrf_' = substr($key, 0, 5)) continue; unset($_SESSION[$key]); unset($$key); |