Commit 69eb4be7 authored by Robert Speicher's avatar Robert Speicher

Merge branch 'dm-session-delete-challenge' into 'master'

Delete correct key from `session` after authenticating using U2F

Closes #36096

See merge request !13499
parents e80a893f 8bfae74e
......@@ -69,7 +69,7 @@ module AuthenticatesWithTwoFactor
if U2fRegistration.authenticate(user, u2f_app_id, user_params[:device_response], session[:challenge])
# Remove any lingering user data from login
session.delete(:otp_user_id)
session.delete(:challenges)
session.delete(:challenge)
remember_me(user) if user_params[:remember_me] == '1'
sign_in(user)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment