From f04e4d8b4fe338680f5931bc1609b9201c6cd023 Mon Sep 17 00:00:00 2001 From: plg Date: Wed, 27 Jan 2016 15:36:00 +0100 Subject: bug #408 fixed, no session_regenerate_id on early PHP 7 versions --- include/functions_user.inc.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index 65ddef1ca..2b9d48752 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -945,7 +945,7 @@ function log_user($user_id, $remember_me) { // make sure we clean any remember me ... setcookie($conf['remember_me_name'], '', 0, cookie_path(),ini_get('session.cookie_domain')); } - if ( session_id()!="" ) + if ( session_id()!="" and (version_compare(PHP_VERSION, '7') <= 0 or version_compare(PHP_VERSION, '7.0.3') >= 0)) { // we regenerate the session for security reasons // see http://www.acros.si/papers/session_fixation.pdf session_regenerate_id(true); @@ -1597,4 +1597,4 @@ SELECT return create_user_auth_key($user_id, $user_status); } } -?> \ No newline at end of file +?> -- cgit v1.2.3