projects / project / luci.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Refined urltokens and XSRF protection
[project/luci.git] / modules / admin-full / luasrc / controller / admin / index.lua
diff --git a/modules/admin-full/luasrc/controller/admin/index.lua b/modules/admin-full/luasrc/controller/admin/index.lua
index c0322d3a2e876d19a6dca2f795737da21d6d925c..e2b812e8c35ce0b36828c882ccfe4be3df9b6a08 100644 (file)
--- a/modules/admin-full/luasrc/controller/admin/index.lua
+++ b/modules/admin-full/luasrc/controller/admin/index.lua
@@ -53,8 +53,9 @@ function action_logout()
        local sauth = require "luci.sauth"
        if dsp.context.authsession then
                sauth.kill(dsp.context.authsession)
+               dsp.context.urltoken.stok = nil
        end
 
-       luci.http.header("Set-Cookie", "sysauth=; path=/")
+       luci.http.header("Set-Cookie", "sysauth=; path=" .. dsp.build_url())
        luci.http.redirect(luci.dispatcher.build_url())
 end
\ No newline at end of file
Lua Configuration Interface (mirror)