From c8aa75b5ef36df20cfe1dcb18832829666b2445c Mon Sep 17 00:00:00 2001
From: David Anderson <davea@ssl.berkeley.edu>
Date: Fri, 13 Jul 2018 19:35:20 -0700
Subject: [PATCH] web: ensure that login token is valid for 24 hours

---
 html/inc/account.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/html/inc/account.inc b/html/inc/account.inc
index b866a52be4..14070fc521 100644
--- a/html/inc/account.inc
+++ b/html/inc/account.inc
@@ -26,6 +26,7 @@
 function make_login_token($user) {
     $now = time();
     if ($now - $user->login_token_time < 86400) {
+        $user->update("login_token_time=$now");
         return $user->login_token;
     }
     $token = substr(random_string(), 0, 8);