Fix password change in cookie auth

We can not set same cookie twice, so we have to avoid sending auth cookie when we're about to change the password. Signed-off-by: Michal Čihař <michal@cihar.com>
phpmyadmin · Aug 2, 2016 · 38b7318 · 38b7318
1 parent cdcf74a
commit 38b7318
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/libraries/plugins/auth/AuthenticationCookie.php b/libraries/plugins/auth/AuthenticationCookie.php
@@ -492,7 +492,11 @@ public function storeUserCredentials()
         $this->storeUsernameCookie($cfg['Server']['user']);
 
         // Duration = as configured
-        $this->storePasswordCookie($cfg['Server']['password']);
+        // Do not store password cookie on password change as we will
+        // set the cookie again after password has been changed
+        if (! isset($_POST['change_pw'])) {
+            $this->storePasswordCookie($cfg['Server']['password']);
+        }
 
         // Set server cookies if required (once per session) and, in this case,
         // force reload to ensure the client accepts cookies