Changeset 6661


Ignore:
Timestamp:
Jul 5, 2010, 9:35:36 PM (10 years ago)
Author:
nikrou
Message:

Bug 1760 fixed : Avoid session fixation
After connection, session id is changed using session_regenerate_id
but without removing old session. Passing param true makes the job

Merge from trunk

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/2.1/include/functions_user.inc.php

    r6653 r6661  
    11011101  { // we regenerate the session for security reasons
    11021102    // see http://www.acros.si/papers/session_fixation.pdf
    1103     session_regenerate_id();
     1103    session_regenerate_id(true);
    11041104  }
    11051105  else
Note: See TracChangeset for help on using the changeset viewer.