fix csrf token generation in LoginController loginAction (#437)

first check, if csrf token is still, otherwise regnerate with force = true
pimcore · Jul 2, 2024 · b945f8f · b945f8f
1 parent cfc797e
commit b945f8f
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/src/Controller/Admin/LoginController.php b/src/Controller/Admin/LoginController.php
@@ -114,7 +114,10 @@ public function loginAction(
             return new RedirectResponse($redirectUrl);
         }
 
-        $csrfProtection->regenerateCsrfToken($request->getSession());
+        // check csrf token before generating a new one with force=true
+        if (!$csrfProtection->getCsrfToken($request->getSession())) {
+            $csrfProtection->regenerateCsrfToken($request->getSession());
+        }
 
         $user = $this->getUser();
         if ($user instanceof UserInterface) {