Bug #4457 » 0001-fixes-4457-Session-fixation-new-session-IDs-are-not-.patch
| app/controllers/users_controller.rb | ||
|---|---|---|
|
# Called from the login form.
|
||
|
# Stores the user id in the session and redirects required URL or default homepage
|
||
|
def login
|
||
|
session[:user] = User.current = nil
|
||
|
session[:locale] = nil
|
||
|
User.current = nil
|
||
|
reset_session
|
||
|
if request.post?
|
||
|
user = User.try_to_login(params[:login]['login'].downcase, params[:login]['password'])
|
||
|
if user.nil?
|
||