correctly redirect to last-page if session is timed out and remove passing script/qrystr url parameters

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2023-08-11 12:09:23 +02:00
parent 99c1182af8
commit 2d30394150
6 changed files with 25 additions and 15 deletions
--- a/admin_index.php
+++ b/admin_index.php
@@ -53,6 +53,7 @@ if ($action == 'logout') {
 	if (is_array(CurrentUser::getField('switched_user'))) {
 		$result = CurrentUser::getData();
 		$result = $result['switched_user'];
+		session_regenerate_id(true);
 		CurrentUser::setData($result);
 		$target = (isset($_GET['target']) ? $_GET['target'] : 'index');
 		$redirect = "admin_" . $target . ".php";