Commit a923f51b authored by Aaron Wells's avatar Aaron Wells
Browse files

Bug 1567784: session_regenerate_id() not working

We have existing code that tries to regenerate your
session ID when you log in. But it stopped working
in PHP 15.04 because the session has usually been
closed when it gets called.

Change-Id: I5f99cdf355892040866bb0113fd934e3d37bf33c
behatnotneeded: Can't be tested by behat
parent 83ec33f2
......@@ -402,6 +402,27 @@ class Session {
* Regenerate session id. This does *not* clear the $_SESSION object
* or the session data on the server. It just changes the user's
* session ID. You should do this whenever a user logs in or otherwise
* changes their permission level, to avoid session fixation attacks.
* If you want to clear the session, call $SESSION->destroy_session()
* @return boolean
public function regenerate_id() {
$result = session_regenerate_id(true);
$this->sessionid = session_id();
if (!$result) {
log_warn("session_regenerate_id() failed");
return $result;
* Find out if the session has been started yet
......@@ -1660,7 +1660,7 @@ class LiveUser extends User {
$time = time();
$this->lastlastlogin = $this->lastlogin;
$this->lastlogin = $time;
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment