diff --git a/module/VuFind/src/VuFind/Auth/AbstractBase.php b/module/VuFind/src/VuFind/Auth/AbstractBase.php
index 2aa011756296c668e7df0470daa113eb66d41cc4..95c0d82ba00db2d7965313cb5d8920645c774cca 100644
--- a/module/VuFind/src/VuFind/Auth/AbstractBase.php
+++ b/module/VuFind/src/VuFind/Auth/AbstractBase.php
@@ -95,6 +95,17 @@ abstract class AbstractBase implements \VuFind\Db\Table\DbTableAwareInterface,
         // By default, do no checking.
     }
 
+    /**
+     * Reset any internal status; this is essentially an event hook which most auth
+     * modules can ignore. See ChoiceAuth for a use case example.
+     *
+     * @return void
+     */
+    public function resetState()
+    {
+        // By default, do no checking.
+    }
+
     /**
      * Set configuration.
      *
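Review bot: The body comment in the new `resetState()` was copied from the method above it and reads `// By default, do no checking.`, which does not describe a reset hook; `// By default, there is no state to reset.` would match the method's purpose. The docblock could also say when the hook fires. In this commit that is from Manager, just before the CSRF failure exception is thrown, so implementers know which state must be safe to discard at that point.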
diff --git a/module/VuFind/src/VuFind/Auth/ChoiceAuth.php b/module/VuFind/src/VuFind/Auth/ChoiceAuth.php
index e3239452b33c18cd632afbaae66d57bbcd25eb06..7c37b91a081b86be452ed21c46dc8ae9f3dba7f5 100644
--- a/module/VuFind/src/VuFind/Auth/ChoiceAuth.php
+++ b/module/VuFind/src/VuFind/Auth/ChoiceAuth.php
@@ -138,6 +138,17 @@ class ChoiceAuth extends AbstractBase
         $this->setStrategyFromRequest($request);
     }
 
+    /**
+     * Reset any internal status; this is essentially an event hook which most auth
+     * modules can ignore. See ChoiceAuth for a use case example.
+     *
+     * @return void
+     */
+    public function resetState()
+    {
+        $this->strategy = false;
+    }
+
     /**
      * Attempt to authenticate the current user.  Throws exception if login fails.
      *
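Review bot: The docblock on `ChoiceAuth::resetState()` is a verbatim copy of the base-class text, so it points the reader to ChoiceAuth from inside ChoiceAuth and never says what is reset. A summary such as `Forget the strategy selected from the request so that a rejected login does not leave it active.` would document the intent, assuming that is the purpose of clearing `$this->strategy`. It is also worth confirming that `false` is the same "no strategy" value the property starts with, and that no other copy of the selection (declared outside this hunk) needs clearing alongside it.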
diff --git a/module/VuFind/src/VuFind/Auth/Manager.php b/module/VuFind/src/VuFind/Auth/Manager.php
index ecb06dd50acf3f0e8d344f375649784dc2ba8302..69c93ae22d8d21ffb0e4c21e060be94bbbd72758 100644
--- a/module/VuFind/src/VuFind/Auth/Manager.php
+++ b/module/VuFind/src/VuFind/Auth/Manager.php
@@ -558,6 +558,7 @@ class Manager implements \ZfcRbac\Identity\IdentityProviderInterface
         if (!$this->getAuth()->getSessionInitiator(null)
             && !$this->csrf->isValid($request->getPost()->get('csrf'))
         ) {
+            $this->getAuth()->resetState();
             throw new AuthException('authentication_error_technical');
         }
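Review bot: The added `resetState()` call has no comment explaining why auth state must be cleared before the exception is thrown, and the reason is not obvious at this call site. Something like `// Discard request-selected auth state so the rejected POST cannot affect later handling.` would help. Note also that `getSessionInitiator(null)` in the condition runs before the reset. If ChoiceAuth answers it from the strategy named in the request (not visible in this hunk), request data decides whether the CSRF token is validated at all, so it is worth confirming that this is intended. The enclosing method starts and ends outside the hunk, so its other failure paths could not be checked for the same reset.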