Core/Accounts: sessionkey field in account table is only a temporary storage to pass data from authserver to worldserver and should only be used as such. Clearing sessionkey from database after a successful login to prevent possible exploits.

author: Shauren <shauren.trinity@gmail.com> 2013-02-07 16:15:23 +0100
committer: Shauren <shauren.trinity@gmail.com> 2013-02-07 16:15:23 +0100
commit: fb43a92cc2aaffab42efebf025b6a12c01af8fde (patch)
tree: e901d511871986f1b8a6e34f8dab9edcf66cbf0f /sql/base
parent: 5b45a87da5a9b82c84da2648f1fc544a0f80ad43 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/sql/base/auth_database.sql b/sql/base/auth_database.sql
index 9aaadcb55d5..cdff87c245a 100644
--- a/sql/base/auth_database.sql
+++ b/sql/base/auth_database.sql
@@ -26,7 +26,7 @@ CREATE TABLE `account` (
   `id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT 'Identifier',
   `username` varchar(32) NOT NULL DEFAULT '',
   `sha_pass_hash` varchar(40) NOT NULL DEFAULT '',
-  `sessionkey` varchar(80) NOT NULL DEFAULT '',
+  `sessionkey` varchar(80) NOT NULL DEFAULT '' COMMENT 'Temporary storage of session key used to pass data from authserver to worldserver',
   `v` varchar(64) NOT NULL DEFAULT '',
   `s` varchar(64) NOT NULL DEFAULT '',
   `email` varchar(254) NOT NULL DEFAULT '',
author	Shauren <shauren.trinity@gmail.com>	2013-02-07 16:15:23 +0100
committer	Shauren <shauren.trinity@gmail.com>	2013-02-07 16:15:23 +0100
commit	fb43a92cc2aaffab42efebf025b6a12c01af8fde (patch)
tree	e901d511871986f1b8a6e34f8dab9edcf66cbf0f /sql/base
parent	5b45a87da5a9b82c84da2648f1fc544a0f80ad43 (diff)