From cc6cd7e1f364d9ad740f0a47172c79b3562da9ac Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Wed, 27 May 2009 01:58:46 -0700
Subject: Regenerate the session id every time through login::_auth() to avoid session trapping.
---
 modules/user/controllers/login.php | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'modules')
diff --git a/modules/user/controllers/login.php b/modules/user/controllers/login.php
index 7853f725..6ee2e69d 100644
--- a/modules/user/controllers/login.php
+++ b/modules/user/controllers/login.php
@@ -69,6 +69,9 @@ class Login_Controller extends Controller {
 log::info("user", t("User %name logged in", array("name" => $user->name)));
 }
 
+ // Either way, regenerate the session id to avoid session trapping
+ Session::instance()->regenerate();
+
 return array($valid, $form);
 }
 }
\ No newline at end of file
--
cgit v1.2.3
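Review bot: The added comment above `Session::instance()->regenerate();` says "session trapping", which most readers know as session fixation, and it does not state what the call is expected to guarantee. I would word it as `// Regenerate the session id on every attempt, success or failure, so an id issued before login (session fixation) never becomes the authenticated one`. It is also worth confirming that `regenerate()` invalidates the old id server-side for the configured session driver; that is not visible here, and if the old id stays valid the protection is only partial. The body of `_auth()` starts above the hunk, so I cannot tell where the login state is written; the regeneration should stay in the same request as that write.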