    login: Clear session data on expiration · b14ee605
    Jared Hancock authored
    This fixes an issue where the current session data is not retrieved from the
    database, because it is expired. However, the session-id is not reset either.
    Therefore, the session data with the new CSRF token is not updated in the
    database and the user may have trouble logging in.
    
    This problem manifests itself as a session expires. If a user clicks somewhere
    in the software and their session is now expired, a redirect to the login page
    is triggered. However, the CSRF token sent in the login page is not saved in
    the database. So when the user logs in, they are greeted with the CSRF failure
    message.
    
    This issue is addressed by retrieving the session data from the database, but
    clearing the content. Therefore it appears to the software as invalid and is
    properly reset and saved to the database, thereby avoiding the errors.
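The failure and the fix described in the commit message, modelled as an added example (not code from this commit or project). The table layout, the names, and the way the write is lost (an INSERT that is dropped because the expired row still holds the session id) are assumptions chosen to reproduce the described symptom.

```python
import secrets
import sqlite3


class SessionStore:
    """Toy DB-backed session handler (constructed for illustration)."""

    def __init__(self, clear_expired):
        self.clear_expired = clear_expired  # True = behaviour after the commit
        self.loaded = False                 # did read() hand back a stored row?
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE session (id TEXT PRIMARY KEY, data TEXT, expires INT)")

    def read(self, sid, now):
        row = self.db.execute(
            "SELECT data, expires FROM session WHERE id = ?", (sid,)).fetchone()
        expired = row is not None and row[1] <= now
        if row is None or (expired and not self.clear_expired):
            self.loaded = False             # no row, or (before) expired row skipped
            return ""
        self.loaded = True                  # after: row retrieved, content cleared
        return "" if expired else row[0]

    def write(self, sid, data, now, ttl=60):
        if self.loaded:
            self.db.execute("UPDATE session SET data = ?, expires = ? WHERE id = ?",
                            (data, now + ttl, sid))
        else:
            # Assumption: an INSERT for an id that still exists is dropped.
            self.db.execute("INSERT OR IGNORE INTO session VALUES (?, ?, ?)",
                            (sid, data, now + ttl))


def login_after_expiry(clear_expired):
    """Return True if the login page's CSRF token is still there on the POST."""
    store, sid = SessionStore(clear_expired), "constructed-session-id"
    store.read(sid, 0)
    store.write(sid, "csrf=old", 0)         # t=0: session created, expires at 60
    store.read(sid, 100)                    # t=100: expired, redirect to login
    token = "csrf=" + secrets.token_hex(8)
    store.write(sid, token, 100)            # login page issues a new token
    return store.read(sid, 101) == token    # t=101: login form is submitted


if __name__ == "__main__":
    print("before:", login_after_expiry(False), "after:", login_after_expiry(True))
```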