From d2d1a754487f7b5450a8cd739c7c04a23caa81dd Mon Sep 17 00:00:00 2001
From: johnnyq <johnny@pittpc.com>
Date: Fri, 12 Jun 2026 17:38:58 -0400
Subject: [PATCH] Generate CSRF Token during Client Portal login when using
 Entra

---
 client/login_microsoft.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/client/login_microsoft.php b/client/login_microsoft.php
index f3ff3042..bb5c59f1 100644
--- a/client/login_microsoft.php
+++ b/client/login_microsoft.php
@@ -125,6 +125,7 @@ if (isset($_POST['code']) && $_POST['state'] == session_id()) {
                 $_SESSION['user_id'] = $user_id;
                 $_SESSION['user_type'] = 2;
                 $_SESSION['contact_id'] = $contact_id;
+                $_SESSION['csrf_token'] = randomString(32);
                 $_SESSION['login_method'] = "azure";
 
                 // Logging