protect login form submission from CSRF using a request token

1 files changed, 1 insertions, 0 deletions

diff --git a/program/include/rcube_session.php b/program/include/rcube_session.php
index 7384af39c..2bd663c83 100644
--- a/program/include/rcube_session.php
+++ b/program/include/rcube_session.php
@@ -253,6 +253,7 @@ class rcube_session
    */
   public function kill()
   {
+    $this->vars = false;
     $this->destroy(session_id());
     rcmail::setcookie($this->cookiename, '-del-', time() - 60);
   }