diff options
| author | Matthew Somerville <matthew-github@dracos.co.uk> | 2016-07-05 13:09:18 +0100 |
|---|---|---|
| committer | Matthew Somerville <matthew-github@dracos.co.uk> | 2016-07-05 13:09:18 +0100 |
| commit | 3fa598f3e9f5655655e85510d1551b16965bd9d7 (patch) | |
| tree | fd9251a7d9dae35a50ec146042cac6e389d0bb7d /perllib/FixMyStreet/App/Controller/Auth.pm | |
| parent | 2f09edc1784698b1ed74c514068e4e26687c047b (diff) | |
Fix CSRF issue with new login during process.
If you had no session cookie, started reporting a problem, logged in
through that process, you would then get a CSRF error as the token
had been created before the session was.
Diffstat (limited to 'perllib/FixMyStreet/App/Controller/Auth.pm')
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Auth.pm | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Auth.pm b/perllib/FixMyStreet/App/Controller/Auth.pm index b564a988c..ca4a2fc80 100644 --- a/perllib/FixMyStreet/App/Controller/Auth.pm +++ b/perllib/FixMyStreet/App/Controller/Auth.pm @@ -85,6 +85,9 @@ sub sign_in : Private { $c->set_session_cookie_expire(0) unless $remember_me; + # Regenerate CSRF token as session ID changed + $c->forward('get_csrf_token'); + return 1; } |