dépôts / lhc / web / wiklou.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b200ac0)
(bug 25793) Don't output the session ID over HTTP, allows session hijacking because...
authorRoan Kattouw <catrope@users.mediawiki.org>
Fri, 5 Nov 2010 11:42:41 +0000 (11:42 +0000)
committerRoan Kattouw <catrope@users.mediawiki.org>
Fri, 5 Nov 2010 11:42:41 +0000 (11:42 +0000)
includes/api/ApiLogin.php patch | blob | history

diff --git a/includes/api/ApiLogin.php b/includes/api/ApiLogin.php
index 987d046..2542306 100644 (file)
--- a/includes/api/ApiLogin.php
+++ b/includes/api/ApiLogin.php
@@ -87,14 +87,12 @@ class ApiLogin extends ApiBase {
                                $result['lgusername'] = $wgUser->getName();
                                $result['lgtoken'] = $wgUser->getToken();
                                $result['cookieprefix'] = $wgCookiePrefix;
-                               $result['sessionid'] = session_id();
                                break;
 
                        case LoginForm::NEED_TOKEN:
                                $result['result'] = 'NeedToken';
                                $result['token'] = $loginForm->getLoginToken();
                                $result['cookieprefix'] = $wgCookiePrefix;
-                               $result['sessionid'] = session_id();
                                break;
 
                        case LoginForm::WRONG_TOKEN:
Wiklou, le Wiki du Wiklou