Skip to content

Commit

Permalink
Invalidate the session ID to prevent reuse
Browse files Browse the repository at this point in the history
1. Good logs in
2. Bad captures Good's session cookie
3. Good logs out
4. Session cookie no longer works
5. Good logs in a second time
6. ORIGINAL session cookie works (Bad is also signed in)
  • Loading branch information
daftspunk committed Jan 30, 2021
1 parent e292d79 commit 642f597
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/Auth/Manager.php
Original file line number Diff line number Diff line change
Expand Up @@ -686,7 +686,7 @@ public function logout()

$this->user = null;

Session::flush();
Session::invalidate();
Cookie::queue(Cookie::forget($this->sessionKey));
}

Expand Down

0 comments on commit 642f597

Please # to comment.