Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

- Patch #138531 by bjaspan: destroy existing sessions when a user password is changed. 

Backport from HEAD.
5.x
Neil Drumm 2007-04-24 08:04:30 +00:00
parent 7c4c8dbd33
commit f83e94c057
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
modules/user/user.module
View File

@ -154,6 +154,13 @@ function user_save($account, $array = array(), $category = 'account') {
sess_destroy_uid($account->uid); sess_destroy_uid($account->uid);
} }
// If the password changed, delete all open sessions and recreate
// the current one.
if (isset($array['pass'])) {
sess_destroy_uid($account->uid);
sess_regenerate();
}
// Refresh user object // Refresh user object
$user = user_load(array('uid' => $account->uid)); $user = user_load(array('uid' => $account->uid));
user_module_invoke('after_update', $array, $user, $category); user_module_invoke('after_update', $array, $user, $category);