From e5adebd1d759d29e2be593ff67ac4263a8584554 Mon Sep 17 00:00:00 2001
From: Brian Wolff
Date: Tue, 29 Dec 2015 20:55:23 -0500
Subject: [PATCH] [Security] Reset wsEditToken on login

Bug: T122056
Change-Id: I03739e942b6c182ed9cbcd0d9615dcd799e8baed
---
 includes/specials/SpecialUserlogin.php | 3 ++-
 includes/user/User.php | 3 +++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php
index fec1e3a..562d982 100644
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -1616,7 +1616,8 @@ class LoginForm extends SpecialPage {
 if ( $wgSecureLogin && !$this->mStickHTTPS ) {
 $wgCookieSecure = false;
 }
-
+ // Always make sure edit token is regenerated. (T114419)
+ $this->getRequest()->setSessionData( 'wsEditToken', null );
 wfResetSessionID();
 }
diff --git a/includes/user/User.php b/includes/user/User.php
index 8fa430f..669ac85 100644
--- a/includes/user/User.php
+++ b/includes/user/User.php
@@ -3655,11 +3655,14 @@ class User implements IDBAccessObject {
 $this->clearInstanceCache( 'defaults' );
 $this->getRequest()->setSessionData( 'wsUserID', 0 );
+ $this->getRequest()->setSessionData( 'wsEditToken', null );
 $this->clearCookie( 'UserID' );
 $this->clearCookie( 'Token' );
 $this->clearCookie( 'forceHTTPS', false, array( 'prefix' => '' ) );
+ wfResetSessionID();
+
 // Remember when user logged out, to prevent seeing cached pages
 $this->setCookie( 'LoggedOut', time(), time() + 86400 );
 }
--
2.0.1
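Review bot: The same two-step reset — `setSessionData( 'wsEditToken', null )` immediately followed by `wfResetSessionID()` — now appears both here and in the User.php hunk, so the login and logout paths can drift apart the next time either is edited; a single helper that clears the token and rotates the session id, called from both places, would keep the identity-change handling in one spot. The new comment cites T114419 while the commit's Bug: trailer is T122056; if both tasks are intended, naming the login-specific one in the comment avoids it reading as a typo. Nulling the token before the session-id reset relies on the edit-token accessor treating a null session value as absent and minting a fresh one — that looks like the intent but is inferred here, so extending the comment with `// null is treated as "no token": the next edit-token request generates a new one` would make the contract explicit. The enclosing method starts and ends outside the hunk.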
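Review bot: The two lines added to the logout path carry no comment, unlike the login hunk, so a later reader sees a session-id reset with no stated reason; placing `// Drop the edit token and rotate the session id so nothing issued to the` / `// authenticated session stays usable after logout (T122056).` above the `wsEditToken` line would document it. Clearing the token before `wfResetSessionID()` means the post-logout session starts without a usable edit token, which appears to be the goal, but whether the reset carries the remaining session data into the new id is not visible in this hunk. The commit subject mentions only login, although this hunk changes logout as well; widening the subject would help anyone searching the history later. The enclosing method begins before this hunk.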