Regenerate CSRF token upon login

Otherwise somebody else might be able to note down the CSRF token before login on a shared computer.
author: Lukas Reschke <lukas@owncloud.com> 2016-01-25 17:15:28 +0100
committer: Lukas Reschke <lukas@owncloud.com> 2016-01-25 20:03:40 +0100
commit: 12b22c275974ef544adff2029a542d97210c8087 (patch)
tree: a1b3a0d89b25898e7825e8e0511d1b1e197c8460 /lib/private/user.php
parent: a977465af5834a76b1e98854a2c9bfbe413c218c (diff)
download: nextcloud-server-12b22c275974ef544adff2029a542d97210c8087.tar.gz
nextcloud-server-12b22c275974ef544adff2029a542d97210c8087.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/private/user.php b/lib/private/user.php
index 90925a2c89a..ae98bb9b01a 100644
--- a/lib/private/user.php
+++ b/lib/private/user.php
@@ -162,6 +162,8 @@ class OC_User {
 	public static function login($loginname, $password) {
 		$result = self::getUserSession()->login($loginname, $password);
 		if ($result) {
+			// Refresh the token
+			\OC::$server->getCsrfTokenManager()->refreshToken();
 			//we need to pass the user name, which may differ from login name
 			$user = self::getUserSession()->getUser()->getUID();
 			OC_Util::setupFS($user);
author	Lukas Reschke <lukas@owncloud.com>	2016-01-25 17:15:28 +0100
committer	Lukas Reschke <lukas@owncloud.com>	2016-01-25 20:03:40 +0100
commit	12b22c275974ef544adff2029a542d97210c8087 (patch)
tree	a1b3a0d89b25898e7825e8e0511d1b1e197c8460 /lib/private/user.php
parent	a977465af5834a76b1e98854a2c9bfbe413c218c (diff)
download	nextcloud-server-12b22c275974ef544adff2029a542d97210c8087.tar.gz nextcloud-server-12b22c275974ef544adff2029a542d97210c8087.zip