Context Navigation

← Previous Change
Next Change →

Changeset 6660 for trunk/include

Timestamp:

Jul 5, 2010, 9:34:15 PM (14 years ago)

Author:

nikrou

Message:

Bug 1760 fixed : Avoid session fixation
After connection, session id is changed using session_regenerate_id
but without removing old session. Passing param true makes the job.

File:

: 1 edited

trunk/include/functions_user.inc.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/include/functions_user.inc.php

r6652	r6660
1101	1101	{ // we regenerate the session for security reasons
1102	1102	// see http://www.acros.si/papers/session_fixation.pdf
1103		session_regenerate_id();
	1103	session_regenerate_id(true);
1104	1104	}
1105	1105	else

Note: See TracChangeset for help on using the changeset viewer.

Download in other formats:

Unified Diff
Zip Archive