Commit

Bug 1760 fixed: Avoid session fixation
After connection, session id is changed using session_regenerate_id
but without removing the old session. Passing param true does the job.

git-svn-id: http://piwigo.org/svn/trunk@6660 68402e56-0260-453c-a942-63ccdbb3a9ee
nikrou committed Jul 5, 2010
1 parent 8fa8880 commit c141429
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion include/functions_user.inc.php
Expand Up @@ -1100,7 +1100,7 @@ function log_user($user_id, $remember_me)
if ( session_id()!="" )
{ // we regenerate the session for security reasons
// see http://www.acros.si/papers/session_fixation.pdf
session_regenerate_id();
session_regenerate_id(true);
}
else
{
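
Review bot: the return value of session_regenerate_id(true) in log_user() is not checked. The function returns false on failure, and in that case the login would carry on with the pre-authentication session id, so the fixation fix would silently not apply. Consider testing the result and aborting or logging the login when it is false. The comment "we regenerate the session for security reasons" could also say that the true argument deletes the old session, since that is the whole of this change and is easy to drop again in a later edit.
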
