MantisBT: master d8181a54

Diff Back to Repository
Author Committer Branch Timestamp Parent
dregad dregad master 2021-02-24 08:16 master 6f369a5a
Affected Issues  0027976: CVE-2009-20001: User cookie string is not reset upon logout
Changeset

Set a new random cookie string upon logout

Per @vboctor's request in PR review 1.

This reverts the earlier implementation, where the cookie string was set
to '' and a new one generated at next login.

Fixes 0027976
mod - core/authentication_api.php Diff File