Resetting the password should also invalidate the token login cookies

13 years ago · a8d0f84829
parent 0a614429af
commit a8d0f84829
1 changed files with 1 additions and 0 deletions
--- a/core/lostpassword/controller.php
+++ b/core/lostpassword/controller.php
@ -67,6 +67,7 @@ class OC_Core_LostPassword_Controller {
 			if (isset($_POST['password'])) {
 				if (OC_User::setPassword($args['user'], $_POST['password'])) {
 					OC_Preferences::deleteKey($args['user'], 'owncloud', 'lostpassword');
+					OC_User::unsetMagicInCookie();
 					self::displayResetPasswordPage(true, $args);
 				} else {
 					self::displayResetPasswordPage(false, $args);