From 0909717c37cdf2ddadcddaf92d610f5243ec3c17 Mon Sep 17 00:00:00 2001 From: Nicolas Date: Wed, 10 Feb 2016 12:37:12 +0100 Subject: if php version is less than 7.0.3 and session_id exists do nothing --- include/functions_user.inc.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index ac85d1b47..f0d30ea49 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -945,10 +945,13 @@ function log_user($user_id, $remember_me) { // make sure we clean any remember me ... setcookie($conf['remember_me_name'], '', 0, cookie_path(),ini_get('session.cookie_domain')); } - if ( session_id()!="" and (version_compare(PHP_VERSION, '7') <= 0 or version_compare(PHP_VERSION, '7.0.3') >= 0)) + if ( session_id()!="" ) { // we regenerate the session for security reasons // see http://www.acros.si/papers/session_fixation.pdf - session_regenerate_id(true); + if ((version_compare(PHP_VERSION, '7') <= 0 or version_compare(PHP_VERSION, '7.0.3') >= 0)) + { + session_regenerate_id(true); + } } else { -- cgit v1.2.3