From 0f9b2988e5e2be12858d2429f20c2044797f30d7 Mon Sep 17 00:00:00 2001
From: Andrew H <crazy4sb@gmail.com>
Date: Mon, 21 Dec 2015 21:16:01 +0000
Subject: [PATCH] SECURITY: Remove tokens from session when the user logs out

Bug: T122056
Change-Id: Ica0519d18171feeb359bbbe59c37b38e16cbdafd
---
 includes/user/User.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/includes/user/User.php b/includes/user/User.php
index fed9664..92a1dff 100644
--- a/includes/user/User.php
+++ b/includes/user/User.php
@@ -3656,6 +3656,7 @@ class User implements IDBAccessObject {
 		$this->clearInstanceCache( 'defaults' );
 
 		$this->getRequest()->setSessionData( 'wsUserID', 0 );
+		$this->getRequest()->setSessionData( 'wsEditToken', '' );
 
 		$this->clearCookie( 'UserID' );
 		$this->clearCookie( 'Token' );
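Review bot: The added line clears the edit token by overwriting it with an empty string, which leaves the key in the session and forces the reader to special-case `''` as "absent"; if `setSessionData` accepts `null` (not visible in this hunk), `$this->getRequest()->setSessionData( 'wsEditToken', null );` would let the existing `=== null` check cover logout without the second change. Either way the line deserves a why-comment, e.g. `// Drop the session-bound edit token so a later login in this session gets a fresh one`. Any other per-session secret stored alongside `wsEditToken` would need the same treatment, but none is visible here. The enclosing logout method starts and ends outside the hunk.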
@@ -4129,7 +4130,7 @@ class User implements IDBAccessObject {
 			return self::EDIT_TOKEN_SUFFIX;
 		} else {
 			$token = $request->getSessionData( 'wsEditToken' );
-			if ( $token === null ) {
+			if ( $token === null || strlen( $token ) === 0 ) {
 				$token = MWCryptRand::generateHex( 32 );
 				$request->setSessionData( 'wsEditToken', $token );
 			}
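Review bot: `strlen( $token ) === 0` assumes the session value is a string; anything else stored under `wsEditToken` would raise a TypeError under strict types or be silently coerced without them. Comparing the value directly, `if ( $token === null || $token === '' ) {`, states the intent (token missing or cleared at logout) without the type assumption and matches the sentinel the first hunk writes. The enclosing method starts and ends outside the hunk.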
-- 
1.9.1

