Regenerate cookie ID after logging out (#7762)

Makes the session cookie unusable if it is hijacked and placed in another browser after the user logs out.
Inverle
2025-07-29 14:44:14 +02:00
committed by GitHub
parent fe9ef3b506
commit e967b07589


@@ -226,6 +226,12 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
if (Minz_Request::isPost()) {
invalidateHttpCache();
FreshRSS_Auth::removeAccess();
ini_set('session.use_cookies', '1');
Minz_Session::lock();
Minz_Session::regenerateID();
Minz_Session::unlock();
Minz_Request::good(_t('feedback.auth.logout.success'), [ 'c' => 'index', 'a' => 'index' ]);
} else {
Minz_Error::error(403);
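Review bot: The return value of `ini_set('session.use_cookies', '1')` is ignored, and nothing explains why the setting is switched on just before `Minz_Session::regenerateID()`. PHP can refuse session ini changes (for example once headers have been sent), in which case `ini_set` returns false and, presumably, the new ID never reaches the browser while logout still reports success; a guard such as `if (ini_set('session.use_cookies', '1') === false) { Minz_Log::warning('Could not re-enable session cookies on logout'); }` would make that visible. A one-line comment like `// Re-enable cookies so the regenerated session ID is sent to the browser` would document the intent, if that is the reason. Whether the old session ID stops being accepted server-side depends on `Minz_Session::regenerateID()`, which is outside this hunk, so it is worth confirming that it deletes the old session rather than only issuing a new ID. The enclosing action method starts and ends outside the hunk.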