From bdfa2d2d6892f265211cf7b38ffad820d5260623 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Bar=C3=A1=C5=A1ek?=
Date: Tue, 5 Jan 2021 18:27:30 +0100
Subject: [PATCH] SessionStorage: Fix clearing identity in case of clearAuthentication(true).
---
 src/Bridges/SecurityHttp/SessionStorage.php | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/Bridges/SecurityHttp/SessionStorage.php b/src/Bridges/SecurityHttp/SessionStorage.php
index 0f904d26..2c27fc67 100644
--- a/src/Bridges/SecurityHttp/SessionStorage.php
+++ b/src/Bridges/SecurityHttp/SessionStorage.php
@@ -57,6 +57,9 @@ public function clearAuthentication(bool $clearIdentity): void
 $section->authenticated = false;
 $section->reason = self::LOGOUT_MANUAL;
 $section->authTime = null;
+ if ($clearIdentity === true) {
+ $section->identity = null;
+ }
 // Session Fixation defence
 $this->sessionHandler->regenerateId();
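Review bot: The new `if ($clearIdentity === true)` branch has no regression test. The diffstat lists only SessionStorage.php, yet the subject says this fixes a logout path where the identity apparently stayed in the session section after `clearAuthentication(true)`. A test that stores an identity, calls `clearAuthentication(true)` and asserts the section's identity is null, plus the counterpart asserting it is kept after `clearAuthentication(false)`, would pin both branches so stale identity data cannot silently reappear. Because the parameter is already declared `bool`, the condition can be written as `if ($clearIdentity) {`. The body of clearAuthentication starts and ends outside the hunk, so it cannot be checked from here whether other identity-derived values remain in the section.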