delete session after password change

2022-05-20 19:17:35 +02:00 · 2022-05-20 19:17:35 +02:00 · c3ff1bc2b5
commit c3ff1bc2b5
parent 61509f6010
1 changed files with 1 additions and 0 deletions
--- a/tresetter.py
+++ b/tresetter.py
@ -245,6 +245,7 @@ async def change(req: ChangeData, session_id: str = Cookie(None)) -> SuccessData
    hashed = session["proposed_password_hash"]
    if not kdf_verify(hashed, req.password):
        raise HTTPException(status_code=409)
+    delete_session(session_id)

    success = change_password(session["username"], req.password)
    return SuccessData(success=success)