Regenerate the session id every time through login::_auth() to avoid session trapping.

author: Bharat Mediratta <bharat@menalto.com> 2009-05-27 01:58:46 -0700
committer: Bharat Mediratta <bharat@menalto.com> 2009-05-27 01:58:46 -0700
commit: cc6cd7e1f364d9ad740f0a47172c79b3562da9ac (patch)
tree: 1bdabe98625eb77a34c6b3e1e0794c4a77aa67f2 /modules
parent: 0a66ddd2b4ea676e033102812232dd06644845e7 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/modules/user/controllers/login.php b/modules/user/controllers/login.php
index 7853f725..6ee2e69d 100644
--- a/modules/user/controllers/login.php
+++ b/modules/user/controllers/login.php
@@ -69,6 +69,9 @@ class Login_Controller extends Controller {
       log::info("user", t("User %name logged in", array("name" => $user->name)));
     }
 
+    // Either way, regenerate the session id to avoid session trapping
+    Session::instance()->regenerate();
+
     return array($valid, $form);
   }
 }
 \ No newline at end of file
author	Bharat Mediratta <bharat@menalto.com>	2009-05-27 01:58:46 -0700
committer	Bharat Mediratta <bharat@menalto.com>	2009-05-27 01:58:46 -0700
commit	cc6cd7e1f364d9ad740f0a47172c79b3562da9ac (patch)
tree	1bdabe98625eb77a34c6b3e1e0794c4a77aa67f2 /modules
parent	0a66ddd2b4ea676e033102812232dd06644845e7 (diff)