Context Navigation

← Previous Changeset
Next Changeset →

Changeset 6661

Timestamp:

Jul 5, 2010, 9:35:36 PM (14 years ago)

Author:

nikrou

Message:

Bug 1760 fixed : Avoid session fixation
After connection, session id is changed using session_regenerate_id
but without removing old session. Passing param true makes the job

Merge from trunk

File:

: 1 edited

branches/2.1/include/functions_user.inc.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

branches/2.1/include/functions_user.inc.php

r6653	r6661
1101	1101	{ // we regenerate the session for security reasons
1102	1102	// see http://www.acros.si/papers/session_fixation.pdf
1103		session_regenerate_id();
	1103	session_regenerate_id(true);
1104	1104	}
1105	1105	else

Note: See TracChangeset for help on using the changeset viewer.

Download in other formats:

Unified Diff
Zip Archive