
Commit 94f59ea

committed
MC-31435: PHPSessionId should changed after logout
1 parent cde4f67 commit 94f59ea


2 files changed

+5
-1
lines changed


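--- a/app/code/Magento/Customer/Model/AccountManagement.php
+++ b/app/code/Magento/Customer/Model/AccountManagement.php
@@ -720,6 +720,7 @@ public function resetPassword($email, $resetToken, $newPassword)
 $newPassword
 );
 $this->checkPasswordStrength($newPassword);
+$this->sessionManager->regenerateId();
 //Update secure data
 $customerSecure = $this->customerRegistry->retrieveSecureData($customer->getId());
 $customerSecure->setRpToken(null);
@@ -1045,10 +1046,11 @@ private function changePasswordForCustomer($customer, $currentPassword, $newPass
 }
 $customerEmail = $customer->getEmail();
 $this->credentialsValidator->checkPasswordDifferentFromEmail($customerEmail, $newPassword);
+$this->checkPasswordStrength($newPassword);
+$this->sessionManager->regenerateId();
 $customerSecure = $this->customerRegistry->retrieveSecureData($customer->getId());
 $customerSecure->setRpToken(null);
 $customerSecure->setRpTokenCreatedAt(null);
-$this->checkPasswordStrength($newPassword);
 $customerSecure->setPasswordHash($this->createPasswordHash($newPassword));
 $this->destroyCustomerSessions($customer->getId());
 $this->disableAddressValidation($customer);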
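Review bot: In changePasswordForCustomer the new `regenerateId()` call runs before `destroyCustomerSessions($customer->getId())`, and neither method's body is visible here, so the interaction between the two needs confirming. If destroyCustomerSessions spares the current session by comparing against `getSessionId()` (the unit test expects that call), it now compares against the regenerated id, so the pre-rotation id has to be invalidated either by regenerateId itself or by that cleanup; otherwise it may remain usable after the password change. Both resetPassword and changePasswordForCustomer may also run where no session is active (the test stubs `isSessionExists` to return false), and the behaviour of the rotation in that case is not shown. A short why-comment at each call, e.g. `// Rotate the session id so an id issued before the credential change cannot be reused`, would record the intent; both functions start and end outside these hunks.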

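--- a/app/code/Magento/Customer/Test/Unit/Model/AccountManagementTest.php
+++ b/app/code/Magento/Customer/Test/Unit/Model/AccountManagementTest.php
@@ -1551,6 +1551,7 @@ public function testChangePassword()
 ->with($customer);
 
 $this->sessionManager->expects($this->atLeastOnce())->method('getSessionId');
+$this->sessionManager->expects($this->atLeastOnce())->method('regenerateId');
 
 $visitor = $this->getMockBuilder(\Magento\Customer\Model\Visitor::class)
 ->disableOriginalConstructor()
@@ -1628,6 +1629,7 @@ function ($string) {
 
 $this->sessionManager->method('isSessionExists')->willReturn(false);
 $this->sessionManager->expects($this->atLeastOnce())->method('getSessionId');
+$this->sessionManager->expects($this->atLeastOnce())->method('regenerateId');
 $visitor = $this->getMockBuilder(\Magento\Customer\Model\Visitor::class)
 ->disableOriginalConstructor()
 ->setMethods(['getSessionId'])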
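Review bot: The two added `expects($this->atLeastOnce())->method('regenerateId')` expectations only cover the success path, so in the visible hunks nothing pins that the session id is left untouched when validation rejects the new password. The commit moves `checkPasswordStrength($newPassword)` ahead of the rotation in changePasswordForCustomer, and a negative case using `$this->sessionManager->expects($this->never())->method('regenerateId');` when the strength check throws would guard that ordering against regressions. `atLeastOnce()` also passes if the id is rotated more than once per call; `$this->once()` is the tighter assertion if a single rotation is intended. Both test methods begin and end outside these hunks, so existing coverage elsewhere in the file cannot be ruled out.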
