Rework CSRF interaction with sessions (#2290)

* Rework CSRF interaction with sessions Fix https://github.com/FreshRSS/FreshRSS/issues/2288 Improve security in some edge cases Maybe relevant for https://github.com/FreshRSS/FreshRSS/issues/2125#issuecomment-474992671 * Forgotten mime type
author: Alexandre Alapetite <alexandre@alapetite.fr> 2019-03-22 19:05:38 +0100
committer: GitHub <noreply@github.com> 2019-03-22 19:05:38 +0100
commit: ebd8c31c0272f135b1b55f0480d1c8c3875935fe (patch)
tree: 829ce65bd8c6bc26ad1946dd08215eb3161ad19f /app/Controllers/userController.php
parent: e84a90943ab1e4a254b2d33c7cabef18b718b456 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 71172b9ef..be3787561 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -247,6 +247,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 				$user_conf = get_user_configuration($new_user_name);
 				Minz_Session::_param('currentUser', $new_user_name);
 				Minz_Session::_param('passwordHash', $user_conf->passwordHash);
+				Minz_Session::_param('csrf');
 				FreshRSS_Auth::giveAccess();
 			}
author	Alexandre Alapetite <alexandre@alapetite.fr>	2019-03-22 19:05:38 +0100
committer	GitHub <noreply@github.com>	2019-03-22 19:05:38 +0100
commit	ebd8c31c0272f135b1b55f0480d1c8c3875935fe (patch)
tree	829ce65bd8c6bc26ad1946dd08215eb3161ad19f /app/Controllers/userController.php
parent	e84a90943ab1e4a254b2d33c7cabef18b718b456 (diff)