From 0550fe0ffa4e5569bd7ca28354ca282ca2ef2825 Mon Sep 17 00:00:00 2001
From: snipe
Date: Tue, 12 May 2020 10:31:54 -0700
Subject: [PATCH] Fix for session fixation vulnerability
Signed-off-by: snipe
---
 app/Http/Controllers/Auth/LoginController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
index 78207e8f5..b9b238167 100644
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -303,8 +303,8 @@ class LoginController extends Controller
 */
 public function logout(Request $request)
 {
- $request->session()->forget('2fa_authed');
+ $request->session()->regenerate(true);
 Auth::logout();
 $settings = Setting::getSettings();
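Review bot: Dropping `forget('2fa_authed')` in `logout()` may leave the two-factor flag in the session, because Laravel's `regenerate(true)` destroys the old session ID but carries the existing attributes over to the new one, and `Auth::logout()` does not flush them. If nothing later in the method (which continues past the hunk) clears it, the next login from the same browser could inherit a passed-2FA state. Prefer `$request->session()->invalidate();` after `Auth::logout();`, or keep `$request->session()->forget('2fa_authed');` alongside the regenerate call. Session fixation is normally closed by regenerating the ID on successful login as well; that path is not visible in this diff, so confirm it does.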