From fb43a92cc2aaffab42efebf025b6a12c01af8fde Mon Sep 17 00:00:00 2001
From: Shauren
Date: Thu, 7 Feb 2013 16:15:23 +0100
Subject: Core/Accounts: sessionkey field in account table is only a temporary storage to pass data from authserver to worldserver and should only be used as such. Clearing sessionkey from database after a successful login to prevent possible exploits.
---
 src/server/game/Accounts/AccountMgr.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'src/server/game/Accounts/AccountMgr.cpp')
diff --git a/src/server/game/Accounts/AccountMgr.cpp b/src/server/game/Accounts/AccountMgr.cpp
index ce382342de8..b1d0087c32c 100644
--- a/src/server/game/Accounts/AccountMgr.cpp
+++ b/src/server/game/Accounts/AccountMgr.cpp
@@ -187,6 +187,14 @@ AccountOpResult AccountMgr::ChangePassword(uint32 accountId, std::string newPass
 LoginDatabase.Execute(stmt);
+ stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_VS);
+
+ stmt->setString(0, "");
+ stmt->setString(1, "");
+ stmt->setString(2, username);
+
+ LoginDatabase.Execute(stmt);
+
 return AOR_OK;
 }
-- 
cgit v1.2.3
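Review bot: The reset issued through `LOGIN_UPD_VS` in `ChangePassword` is a second, independent `LoginDatabase.Execute(stmt)` after the password update, so nothing visible here guarantees that the two writes land together. Judging by the statement name and its three parameters, it blanks the stored verifier and salt for `username`; if that is right and only the first write is applied, the values derived from the old password stay in the table and the old password may keep authenticating. Consider queuing both statements in one transaction, and add a comment above the new block such as `// Clear v and s so they are regenerated from the new password hash`, since the commit message only describes the sessionkey change. The function body starts above this hunk, so how `username` is obtained is not visible here.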