Project

General

Profile

0001-fixes-4457-Session-fixation-new-session-IDs-are-not-.patch

v1 patch - Dominic Cleal, 03/10/2014 08:12 AM

View differences:

app/controllers/users_controller.rb
62 62
  # Called from the login form.
63 63
  # Stores the user id in the session and redirects required URL or default homepage
64 64
  def login
65
    session[:user] = User.current = nil
66
    session[:locale] = nil
65
    User.current = nil
66
    reset_session
67 67
    if request.post?
68 68
      user = User.try_to_login(params[:login]['login'].downcase, params[:login]['password'])
69 69
      if user.nil?
70
-