Commit 3c20b2d6 authored by Aaron Wells's avatar Aaron Wells Committed by Gerrit Code Review

Merge "Bug 1567784: session_regenerate_id() not working" into 16.04_STABLE

parents 0e3be156 16305b41
......@@ -405,6 +405,27 @@ class Session {
}
}
/**
* Regenerate session id. This does *not* clear the $_SESSION object
* or the session data on the server. It just changes the user's
* session ID. You should do this whenever a user logs in or otherwise
* changes their permission level, to avoid session fixation attacks.
*
* If you want to clear the session, call $SESSION->destroy_session()
*
* @return boolean
*/
public function regenerate_id() {
$this->ensure_session();
$result = session_regenerate_id(true);
$this->sessionid = session_id();
if (!$result) {
log_warn("session_regenerate_id() failed");
}
$this->ro_session();
return $result;
}
/**
* Find out if the session has been started yet
*/
......
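Review bot: The docblock on regenerate_id() says `@return boolean` without saying what the value means, which matters because the method only calls `log_warn` when regeneration fails. I would extend it to `@return boolean true if the session ID was changed; false if session_regenerate_id() failed and the previous ID is still in effect`, and add a sentence telling callers who rely on this against session fixation to check the result. A short comment on why `ensure_session()` and `ro_session()` bracket the call would also help. Those helpers are not visible in this hunk, so presumably they reopen the session for writing and then release it again.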
......@@ -1660,7 +1660,7 @@ class LiveUser extends User {
}
$this->populate($user);
session_regenerate_id(true);
$this->SESSION->regenerate_id();
$time = time();
$this->lastlastlogin = $this->lastlogin;
$this->lastlogin = $time;
......
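Review bot: The return value of `$this->SESSION->regenerate_id()` is discarded at this login call site. If regeneration fails, the login appears to carry on under the session ID that existed before authentication, which is the fixation case the method's own docblock says it guards against. The only trace would be the `log_warn` inside regenerate_id(). Consider failing closed here, e.g. `if (!$this->SESSION->regenerate_id()) { /* abort the login via the project's usual error path */ }`. The enclosing method starts and ends outside this hunk, so I cannot tell whether a later step would catch the failure.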