bug 1176: Avoid unsetting the CSRF Hashes from the session when doing cert login
authorBenny Baumann <BenBE@geshi.org>
Tue, 25 Jun 2013 21:05:18 +0000 (23:05 +0200)
committerBenny Baumann <BenBE@geshi.org>
Tue, 25 Jun 2013 21:05:18 +0000 (23:05 +0200)
includes/loggedin.php

index f4548a5..4fd9b49 100644 (file)
@@ -27,7 +27,7 @@
                $_SESSION['profile'] = "";
                foreach($_SESSION as $key => $value)
                {
-                       if($key == '_config' || $key == 'mconn')
+                       if($key == '_config' || $key == 'mconn' || 'csrf_' = substr($key, 0, 5))
                                continue;
                        if(is_int($key) || is_string($key))
                                unset($_SESSION[$key]);
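Review bot: The added condition `'csrf_' = substr($key, 0, 5)` uses a single `=`, which tries to assign to a string literal and is a PHP parse error, so includes/loggedin.php would not load at all; the identical line is added in the hunks at 53 and 72. It should be a comparison, for example `if($key === '_config' || $key === 'mconn' || (is_string($key) && 'csrf_' === substr($key, 0, 5)))`. Strict comparison also avoids integer session keys loosely matching the string names on older PHP versions, which would let them survive the cleanup. Because the preserved `csrf_` entries were issued before the certificate login, it is worth confirming outside this hunk that the session ID is regenerated on login and that the kept tokens expire, since neither is visible here. The enclosing block starts and ends outside the hunk.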
@@ -53,7 +53,7 @@
                        $_SESSION['profile'] = "";
                        foreach($_SESSION as $key => $value)
                        {
-                               if($key == '_config' || $key == 'mconn')
+                               if($key == '_config' || $key == 'mconn' || 'csrf_' = substr($key, 0, 5))
                                        continue;
                                if(is_int($key) || is_string($key))
                                        unset($_SESSION[$key]);
@@ -72,7 +72,7 @@
                        $_SESSION['profile'] = "";
                        foreach($_SESSION as $key => $value)
                        {
-                               if($key == '_config' || $key == 'mconn')
+                               if($key == '_config' || $key == 'mconn' || 'csrf_' = substr($key, 0, 5))
                                        continue;
                                unset($_SESSION[$key]);
                                unset($$key);