From 274f82893f0ff7361122ac6d294fc400224e1509 Mon Sep 17 00:00:00 2001 From: snipe Date: Tue, 12 May 2020 10:38:00 -0700 Subject: [PATCH] Regenerate session ID on logout Signed-off-by: snipe --- app/Http/Controllers/Auth/LoginController.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php index b17d98029e..2f25deab92 100644 --- a/app/Http/Controllers/Auth/LoginController.php +++ b/app/Http/Controllers/Auth/LoginController.php @@ -382,8 +382,8 @@ class LoginController extends Controller if (!empty($sloRequestUrl)) { return redirect()->away($sloRequestUrl); } - - $request->session()->forget('2fa_authed'); + + $request->session()->regenerate(true); Auth::logout();