Core/Accounts: sessionkey field in account table is only a temporary storage to pass data from authserver to worldserver and should only be used as such. Clearing sessionkey from database after a successful login to prevent possible exploits.

author: Shauren <shauren.trinity@gmail.com> 2013-02-07 16:15:23 +0100
committer: Shauren <shauren.trinity@gmail.com> 2013-02-07 16:15:23 +0100
commit: fb43a92cc2aaffab42efebf025b6a12c01af8fde (patch)
tree: e901d511871986f1b8a6e34f8dab9edcf66cbf0f /src/server/game/Accounts/AccountMgr.cpp
parent: 5b45a87da5a9b82c84da2648f1fc544a0f80ad43 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/src/server/game/Accounts/AccountMgr.cpp b/src/server/game/Accounts/AccountMgr.cpp
index ce382342de8..b1d0087c32c 100644
--- a/src/server/game/Accounts/AccountMgr.cpp
+++ b/src/server/game/Accounts/AccountMgr.cpp
@@ -187,6 +187,14 @@ AccountOpResult AccountMgr::ChangePassword(uint32 accountId, std::string newPass
 
     LoginDatabase.Execute(stmt);
 
+    stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_VS);
+
+    stmt->setString(0, "");
+    stmt->setString(1, "");
+    stmt->setString(2, username);
+
+    LoginDatabase.Execute(stmt);
+
     return AOR_OK;
 }
author	Shauren <shauren.trinity@gmail.com>	2013-02-07 16:15:23 +0100
committer	Shauren <shauren.trinity@gmail.com>	2013-02-07 16:15:23 +0100
commit	fb43a92cc2aaffab42efebf025b6a12c01af8fde (patch)
tree	e901d511871986f1b8a6e34f8dab9edcf66cbf0f /src/server/game/Accounts/AccountMgr.cpp
parent	5b45a87da5a9b82c84da2648f1fc544a0f80ad43 (diff)