From 6b8e08936c40867aa41710f4625f6e95a4c424cf Mon Sep 17 00:00:00 2001
From: nikrou
Date: Mon, 5 Jul 2010 19:35:36 +0000
Subject: Bug 1760 fixed : Avoid session fixation After connection, session id is changed using session_regenerate_id but without removing old session. Passing param true makes the job Merge from trunk
git-svn-id: http://piwigo.org/svn/branches/2.1@6661 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 include/functions_user.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/functions_user.inc.php')
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 6eb733bce..090c2e701 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -1100,7 +1100,7 @@ function log_user($user_id, $remember_me)
 if ( session_id()!="" )
 { // we regenerate the session for security reasons
 // see http://www.acros.si/papers/session_fixation.pdf
- session_regenerate_id();
+ session_regenerate_id(true);
 }
 else
 {
--
cgit v1.2.3
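Review bot: The return value of `session_regenerate_id(true)` is discarded, so if regeneration fails (the call returns false) the login carries on with the pre-login session id and the fixation protection silently does not apply. A guard such as `if (!session_regenerate_id(true)) { /* abort the login and log the failure */ }` would make that case fail closed; how to abort depends on log_user's callers, which are not visible here. The `else` branch continues past the end of the hunk: if it only starts a session, an id already presented by the client would presumably be kept unchanged, so regenerating the id there after the session is started looks worth adding as well. log_user's body begins and ends outside this hunk.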