Fix for session fixation vulnerability

Signed-off-by: snipe <snipe@snipe.net>
snipe · May 12, 2020 · 0550fe0 · 0550fe0
1 parent 7fb3a9b
commit 0550fe0
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
@@ -303,8 +303,8 @@ public function postTwoFactorAuth(Request $request)
      */
     public function logout(Request $request)
     {
-        $request->session()->forget('2fa_authed');
 
+        $request->session()->regenerate(true);
         Auth::logout();
 
         $settings = Setting::getSettings();