From d9a21c8d0c099ee3c63f5e5efe341fe6fa2f473d Mon Sep 17 00:00:00 2001
From: Jason Williams <jaswilli@gmail.com>
Date: Mon, 16 Jun 2014 19:40:59 +0000
Subject: [PATCH] Fix csrfSecret handling

Closes #2974
-use req.session.csrfSecret instead of _csrfSecret.
-clear username and password properties from the signin controller.
---
 ghost/admin/routes/signin.js | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/ghost/admin/routes/signin.js b/ghost/admin/routes/signin.js
index d9446a2cbf..32b42325aa 100644
--- a/ghost/admin/routes/signin.js
+++ b/ghost/admin/routes/signin.js
@@ -23,6 +23,14 @@ var SigninRoute = Ember.Route.extend(styleBody, {
                     headers: {'X-CSRF-Token': this.get('csrf')},
                     data: data
                 }).then(function (response) {
+                    // once the email and password are pulled from the controller
+                    // they need to be cleared, or they will reappear next time the signin
+                    // page is visited
+                    controller.setProperties({
+                        email: '',
+                        password: ''
+                    });
+
                     self.store.pushPayload({users: [response.userData]});
                     return self.store.find('user', response.userData.id);
                 }).then(function (user) {