From 910e1d11e3ceea75b5206bf30850bcdccd27fad0 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Fri, 4 May 2018 12:16:43 +0200
Subject: [PATCH] set password, kill user_shouldChangePassword after successful
 reset

---
 src/www/system_usermanager_passwordmg.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/www/system_usermanager_passwordmg.php b/src/www/system_usermanager_passwordmg.php
index 0855e6910..0b56ad23d 100644
--- a/src/www/system_usermanager_passwordmg.php
+++ b/src/www/system_usermanager_passwordmg.php
@@ -85,7 +85,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             $config['system']['user'][$userindex[$username]]['pwd_changed_at'] = microtime(true);
         }
         if (!empty($_SESSION['user_shouldChangePassword'])) {
+            session_start();
             unset($_SESSION['user_shouldChangePassword']);
+            session_write_close();
         }
         if ($pconfig['passwordfld1'] !== '' || $pconfig['passwordfld2'] !== '') {
             local_user_set_password($config['system']['user'][$userindex[$username]], $pconfig['passwordfld1']);