Bug 1760 fixed : Avoid session fixation

After connection, the session id is changed using session_regenerate_id
but without removing the old session. Passing the param true does the job.

Merge from trunk

git-svn-id: http://piwigo.org/svn/branches/2.1@6661 68402e56-0260-453c-a942-63ccdbb3a9ee
nikrou 2010-07-05 19:35:36 +00:00
parent 439f78a818
commit 6b8e08936c

@ -1100,7 +1100,7 @@ function log_user($user_id, $remember_me)
if ( session_id()!="" )
{ // we regenerate the session for security reasons
// see http://www.acros.si/papers/session_fixation.pdf
session_regenerate_id();
session_regenerate_id(true);
}
else
{
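
Review bot: the return value of session_regenerate_id(true) in log_user() is ignored, so if regeneration fails the login carries on under the pre-authentication session id, which is the fixation case this change is meant to close. Consider checking the result and refusing to complete the login (or destroying the session) when it returns false. The comment above the call could also state that the true argument deletes the old session data, since that is the only difference from the previous call and a later cleanup could otherwise drop it.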