From a8d0f8482926e7780edc6ffa60f772da1f20e40a Mon Sep 17 00:00:00 2001
From: Bart Visscher <bartv@thisnet.nl>
Date: Wed, 17 Oct 2012 17:26:12 +0200
Subject: [PATCH] Resetting the password should also invalidate the token login
 cookies

---
 core/lostpassword/controller.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/core/lostpassword/controller.php b/core/lostpassword/controller.php
index 6037fefa4b..e616fe7dff 100644
--- a/core/lostpassword/controller.php
+++ b/core/lostpassword/controller.php
@@ -67,6 +67,7 @@ class OC_Core_LostPassword_Controller {
 			if (isset($_POST['password'])) {
 				if (OC_User::setPassword($args['user'], $_POST['password'])) {
 					OC_Preferences::deleteKey($args['user'], 'owncloud', 'lostpassword');
+					OC_User::unsetMagicInCookie();
 					self::displayResetPasswordPage(true, $args);
 				} else {
 					self::displayResetPasswordPage(false, $args);
-- 
GitLab