authornikrou <nikrou@piwigo.org>2010-07-05 19:35:36 +0000
committernikrou <nikrou@piwigo.org>2010-07-05 19:35:36 +0000
commit6b8e08936c40867aa41710f4625f6e95a4c424cf (patch)
tree5ec69be79fea1d51ce66426258e5e985b25fdf7c
parent439f78a8184b80655cf3b169981e833fdfb967a7 (diff)
Bug 1760 fixed : Avoid session fixation
After connection, the session id is changed using session_regenerate_id, but the old session is not removed. Passing true as the parameter does the job. Merge from trunk. git-svn-id: http://piwigo.org/svn/branches/2.1@6661 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--include/functions_user.inc.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 6eb733bce..090c2e701 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -1100,7 +1100,7 @@ function log_user($user_id, $remember_me)
if ( session_id()!="" )
{ // we regenerate the session for security reasons
// see http://www.acros.si/papers/session_fixation.pdf
- session_regenerate_id();
+ session_regenerate_id(true);
}
else
{
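Review bot: The return value of `session_regenerate_id(true)` on the added line is discarded, so when regeneration fails (the call returns false, for instance once headers have already been sent) the login continues under the pre-authentication session id and the fixation this commit targets is still possible. A guard such as `if (!session_regenerate_id(true)) { /* refuse or log the failed regeneration */ }` would make that failure visible; what the right reaction is depends on the rest of log_user, whose body starts and ends outside this hunk. The existing comment could also record why the argument matters, e.g. `// true deletes the old session data so the pre-login id cannot be reused`.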