diff options
| author | Dries Buytaert <dries@buytaert.net> | 2007-04-23 17:07:57 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2007-04-23 17:07:57 +0000 |
| commit | 2a2b7672398bed03fd37198c994942754f982110 (patch) | |
| tree | 763ad83883f0032b9e3271808d21f0f439ccf955 | |
| parent | 1cd3b7a01fb7cce8c7969affc941c35c3ee33e4f (diff) | |
| download | brdo-2a2b7672398bed03fd37198c994942754f982110.tar.gz brdo-2a2b7672398bed03fd37198c994942754f982110.tar.bz2 | |
- Patch #138531 by bjaspan: destroy existing sessions when a user password is changed.
| -rw-r--r-- | modules/user/user.module | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/modules/user/user.module b/modules/user/user.module index 427f232ab..ff60af77d 100644 --- a/modules/user/user.module +++ b/modules/user/user.module @@ -193,6 +193,13 @@ function user_save($account, $array = array(), $category = 'account') { sess_destroy_uid($account->uid); } + // If the password changed, delete all open sessions and recreate + // the current one. + if (isset($array['pass'])) { + sess_destroy_uid($account->uid); + sess_regenerate(); + } + // Refresh user object $user = user_load(array('uid' => $account->uid)); user_module_invoke('after_update', $array, $user, $category); |