From fb43a92cc2aaffab42efebf025b6a12c01af8fde Mon Sep 17 00:00:00 2001
From: Shauren
Date: Thu, 7 Feb 2013 16:15:23 +0100
Subject: Core/Accounts: sessionkey field in account table is only a temporary storage to pass data from authserver to worldserver and should only be used as such. Clearing sessionkey from database after a successful login to prevent possible exploits.
---
 sql/base/auth_database.sql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'sql/base/auth_database.sql')
diff --git a/sql/base/auth_database.sql b/sql/base/auth_database.sql
index 9aaadcb55d5..cdff87c245a 100644
--- a/sql/base/auth_database.sql
+++ b/sql/base/auth_database.sql
@@ -26,7 +26,7 @@ CREATE TABLE `account` (
 `id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT 'Identifier',
 `username` varchar(32) NOT NULL DEFAULT '',
 `sha_pass_hash` varchar(40) NOT NULL DEFAULT '',
- `sessionkey` varchar(80) NOT NULL DEFAULT '',
+ `sessionkey` varchar(80) NOT NULL DEFAULT '' COMMENT 'Temporary storage of session key used to pass data from authserver to worldserver',
 `v` varchar(64) NOT NULL DEFAULT '',
 `s` varchar(64) NOT NULL DEFAULT '',
 `email` varchar(254) NOT NULL DEFAULT '',
--
cgit v1.2.3
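Review bot: The new column comment on `sessionkey` says the value is temporary but not when it is cleared, which is the security-relevant invariant the commit message describes. I would state it in the schema, e.g. `COMMENT 'Temporary storage of session key used to pass data from authserver to worldserver; cleared after a successful login'`, so anyone reading the table knows a non-empty value outside the login handoff is unexpected. This view is limited to `sql/base/auth_database.sql`, so the code that does the clearing is not visible here. It is worth confirming whether a key written for a login that never completes is also cleared or expired, since it would otherwise stay readable to anything with SELECT on `account`. The `CREATE TABLE` statement starts and ends outside the hunk.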