Changeset 6660


Timestamp:
07/05/10 21:34:15 (10 years ago)
Author:
nikrou
Message:

Bug 1760 fixed: Avoid session fixation
After connection, the session id is changed using session_regenerate_id
but without removing the old session. Passing the param true does the job.

File:
1 edited

  • trunk/include/functions_user.inc.php

    r6652 r6660  
    11011101  { // we regenerate the session for security reasons 
    11021102    // see http://www.acros.si/papers/session_fixation.pdf 
    1103     session_regenerate_id(); 
     1103    session_regenerate_id(true); 
    11041104  } 
    11051105  else 
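Review bot: The return value of session_regenerate_id(true) at new line 1103 is discarded, so if regeneration fails (the function returns false, for instance when no session is active) the code carries on with the pre-login session id and the fixation fix is silently skipped. Consider checking the result and logging or aborting the login when it is false. The comment at line 1101 could also state that passing true deletes the old session data, since that is the whole point of this change and the existing wording only says "for security reasons".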