From 0ddabcf996ad85d0346e3f44f24448d9b5d4c676 Mon Sep 17 00:00:00 2001
From: Julian Rother <julianr@fsmpi.rwth-aachen.de>
Date: Sat, 10 Oct 2020 00:01:32 +0200
Subject: [PATCH] clear session on login, fixes #24

---
 uffd/session/views.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/uffd/session/views.py b/uffd/session/views.py
index 310ceaf6..9badeb3c 100644
--- a/uffd/session/views.py
+++ b/uffd/session/views.py
@@ -31,6 +31,7 @@ def login():
 	if not user.is_in_group(current_app.config['ACL_SELFSERVICE_GROUP']):
 		flash('You do not have access to this service')
 		return render_template('login.html', ref=request.values.get('ref'))
+	session.clear()
 	session['user_uid'] = user.uid
 	session['logintime'] = datetime.datetime.now().timestamp()
 	session['_csrf_token'] = secrets.token_hex(128)
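Review bot: The added `session.clear()` has no comment, and both its purpose and its position ahead of the three `session[...]` assignments are easy to lose in a later refactor. I would put `# Discard all pre-login session state so nothing set before authentication carries over into the authenticated session` directly above it. The call empties everything in the session, not just identity keys; if this is Flask's session, that includes pending `flash()` messages, so a message queued before this point would no longer be shown. That is presumably acceptable here but worth confirming. A regression test that sets an arbitrary session key, logs in, and asserts the key is gone would pin the fix for #24. The body of `login()` starts and ends outside the hunk, so what follows these assignments is not visible.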
-- 
GitLab