Core/Accounts: sessionkey field in account table is only a temporary storage to pass data from authserver to worldserver and should only be used as such. Clearing sessionkey from database after a successful login to prevent possible exploits.

author: Shauren <shauren.trinity@gmail.com> 2013-02-07 16:15:23 +0100
committer: Shauren <shauren.trinity@gmail.com> 2013-02-07 16:15:23 +0100
commit: fb43a92cc2aaffab42efebf025b6a12c01af8fde (patch)
tree: e901d511871986f1b8a6e34f8dab9edcf66cbf0f /sql/updates/auth
parent: 5b45a87da5a9b82c84da2648f1fc544a0f80ad43 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/sql/updates/auth/2013_02_07_00_auth_account.sql b/sql/updates/auth/2013_02_07_00_auth_account.sql
new file mode 100644
index 00000000000..03bdf8cdcd5
--- /dev/null
+++ b/sql/updates/auth/2013_02_07_00_auth_account.sql
@@ -0,0 +1,3 @@
+UPDATE `account` SET `sessionkey`='';
+ALTER TABLE `account`
+CHANGE `sessionkey` `sessionkey` varchar(80) NOT NULL DEFAULT '' COMMENT 'Temporary storage of session key used to pass data from authserver to worldserver' AFTER `sha_pass_hash`;
author	Shauren <shauren.trinity@gmail.com>	2013-02-07 16:15:23 +0100
committer	Shauren <shauren.trinity@gmail.com>	2013-02-07 16:15:23 +0100
commit	fb43a92cc2aaffab42efebf025b6a12c01af8fde (patch)
tree	e901d511871986f1b8a6e34f8dab9edcf66cbf0f /sql/updates/auth
parent	5b45a87da5a9b82c84da2648f1fc544a0f80ad43 (diff)