Prior to this patch, two cookies with the same name were sent, the first one was to destroy the cookie, and the second one to create it
@@ -236,8 +236,8 @@ class FreshRSS_FormAuth {
public static function deleteCookie() {
$token = Minz_Session::getLongTermCookie('FreshRSS_login');
- Minz_Session::deleteLongTermCookie('FreshRSS_login');
if (ctype_alnum($token)) {
+ Minz_Session::deleteLongTermCookie('FreshRSS_login');
@unlink(DATA_PATH . '/tokens/' . $token . '.txt');
}
Alexandre Alapetite