Commit 2a2b7672 authored by Dries's avatar Dries

- Patch #138531 by bjaspan: destroy existing sessions when a user password is changed.

parent 1cd3b7a0
......@@ -193,6 +193,13 @@ function user_save($account, $array = array(), $category = 'account') {
sess_destroy_uid($account->uid);
}
// If the password changed, delete all open sessions and recreate
// the current one.
if (isset($array['pass'])) {
sess_destroy_uid($account->uid);
sess_regenerate();
}
// Refresh user object
$user = user_load(array('uid' => $account->uid));
user_module_invoke('after_update', $array, $user, $category);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment