Merge branch 'MDL-80080-unset-logintoken' of https://github.com/brend…

…anheywood/moodle
ingoj · Feb 29, 2024 · 2909651 · 2909651
2 parents 82af08a + c1fc12b
commit 2909651
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/lib/classes/session/manager.php b/lib/classes/session/manager.php
@@ -1272,7 +1272,7 @@ public static function get_login_token() {
      * @return boolean If the submitted token is valid.
      */
     public static function validate_login_token($token = false) {
-        global $CFG;
+        global $CFG, $SESSION;
 
         if (!empty($CFG->alternateloginurl) || !empty($CFG->disablelogintoken)) {
             // An external login page cannot generate the login token we need to protect CSRF on
@@ -1292,7 +1292,7 @@ public static function validate_login_token($token = false) {
         $currenttoken = self::get_login_token();
 
         // We need to clean the login token so the old one is not valid again.
-        self::create_login_token();
+        unset($SESSION->logintoken);
 
         if ($currenttoken !== $token) {
             // Fail the login.