Core/Accounts: sessionkey field in account table is only a temporary storage to pass data from authserver to worldserver and should only be used as such. Clearing sessionkey from database after a successful login to prevent possible exploits.

2026-01-23 18:36:31 +01:00 · 2013-02-07 16:15:23 +01:00
parent 5b45a87da5
commit fb43a92cc2
6 changed files with 28 additions and 24 deletions
--- a/sql/updates/auth/2013_02_07_00_auth_account.sql
+++ b/sql/updates/auth/2013_02_07_00_auth_account.sql
@@ -0,0 +1,3 @@
+UPDATE `account` SET `sessionkey`='';
+ALTER TABLE `account`
+CHANGE `sessionkey` `sessionkey` varchar(80) NOT NULL DEFAULT '' COMMENT 'Temporary storage of session key used to pass data from authserver to worldserver' AFTER `sha_pass_hash`;