From 1ee5ba632ab52b5d3af5c88803fee89c8eaf6fe1 Mon Sep 17 00:00:00 2001
From: Steven Barth <steven@midlink.org>
Date: Mon, 15 Dec 2008 10:40:45 +0000
Subject: Refined urltokens and XSRF protection

---
 modules/admin-full/luasrc/controller/admin/index.lua | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'modules/admin-full/luasrc/controller/admin')

diff --git a/modules/admin-full/luasrc/controller/admin/index.lua b/modules/admin-full/luasrc/controller/admin/index.lua
index c0322d3a2..e2b812e8c 100644
--- a/modules/admin-full/luasrc/controller/admin/index.lua
+++ b/modules/admin-full/luasrc/controller/admin/index.lua
@@ -53,8 +53,9 @@ function action_logout()
 	local sauth = require "luci.sauth"
 	if dsp.context.authsession then
 		sauth.kill(dsp.context.authsession)
+		dsp.context.urltoken.stok = nil
 	end
 
-	luci.http.header("Set-Cookie", "sysauth=; path=/")
+	luci.http.header("Set-Cookie", "sysauth=; path=" .. dsp.build_url())
 	luci.http.redirect(luci.dispatcher.build_url())
 end
\ No newline at end of file
-- 
cgit v1.2.3