Fix for session fixation vulnerability

Signed-off-by: snipe <snipe@snipe.net>
2020-05-12 10:31:54 -07:00
parent 7fb3a9b82c
commit 0550fe0ffa
1 changed files with 1 additions and 1 deletions
@@ -303,8 +303,8 @@ class LoginController extends Controller
     */
    public function logout(Request $request)
    {
-        $request->session()->forget('2fa_authed');

+        $request->session()->regenerate(true);
        Auth::logout();

        $settings = Setting::getSettings();