Bug 1760 fixed : Avoid session fixation

After connection, session id is changed using session_regenerate_id but without removing old session. Passing param true makes the job. git-svn-id: http://piwigo.org/svn/trunk@6660 68402e56-0260-453c-a942-63ccdbb3a9ee
author: nikrou <nikrou@piwigo.org> 2010-07-05 19:34:15 +0000
committer: nikrou <nikrou@piwigo.org> 2010-07-05 19:34:15 +0000
commit: c1414297fb6ad08befb44bc78fc62e00e19ba8d5 (patch)
tree: 1daf84aa07abce4e1511d196f5ed92e03a3c9e19
parent: 8fa8880122707f8ebfffddc56535b54ac1d2f26f (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 6eb733bce..090c2e701 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -1100,7 +1100,7 @@ function log_user($user_id, $remember_me)
   if ( session_id()!="" )
   { // we regenerate the session for security reasons
     // see http://www.acros.si/papers/session_fixation.pdf
-    session_regenerate_id();
+    session_regenerate_id(true);
   }
   else
   {
author	nikrou <nikrou@piwigo.org>	2010-07-05 19:34:15 +0000
committer	nikrou <nikrou@piwigo.org>	2010-07-05 19:34:15 +0000
commit	c1414297fb6ad08befb44bc78fc62e00e19ba8d5 (patch)
tree	1daf84aa07abce4e1511d196f5ed92e03a3c9e19
parent	8fa8880122707f8ebfffddc56535b54ac1d2f26f (diff)