Chad has uploaded a new change for review. https://gerrit.wikimedia.org/r/292059
Change subject: Reset all tokens on login ...................................................................... Reset all tokens on login Bug: T122056 Change-Id: I03739e942b6c182ed9cbcd0d9615dcd799e8baed (cherry picked from commit ca831d5f4535146dc1ddd19059d981f4deb01126) --- M includes/auth/AuthManager.php M includes/specials/pre-authmanager/SpecialUserlogin.php M includes/user/User.php 3 files changed, 3 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/59/292059/1 diff --git a/includes/auth/AuthManager.php b/includes/auth/AuthManager.php index 136ce26..69f51b8 100644 --- a/includes/auth/AuthManager.php +++ b/includes/auth/AuthManager.php @@ -2288,6 +2288,7 @@ $delay = $session->delaySave(); $session->resetId(); + $session->resetAllTokens(); if ( $session->canSetUser() ) { $session->setUser( $user ); } diff --git a/includes/specials/pre-authmanager/SpecialUserlogin.php b/includes/specials/pre-authmanager/SpecialUserlogin.php index e745129..8935a49 100644 --- a/includes/specials/pre-authmanager/SpecialUserlogin.php +++ b/includes/specials/pre-authmanager/SpecialUserlogin.php @@ -1718,6 +1718,7 @@ } SessionManager::getGlobalSession()->resetId(); + SessionManager::getGlobalSession()->resetAllTokens(); } /** diff --git a/includes/user/User.php b/includes/user/User.php index 70adc32..ff3171e 100644 --- a/includes/user/User.php +++ b/includes/user/User.php @@ -3904,6 +3904,7 @@ $session->setLoggedOutTimestamp( time() ); $session->setUser( new User ); $session->set( 'wsUserID', 0 ); // Other code expects this + $session->resetAllTokens(); ScopedCallback::consume( $delay ); $error = false; } -- To view, visit https://gerrit.wikimedia.org/r/292059 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I03739e942b6c182ed9cbcd0d9615dcd799e8baed Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: wmf/1.28.0-wmf.4 Gerrit-Owner: Chad <ch...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits