Commit e4a27b8f authored by Steven Wittens

- sa-2006-003: Session fixation issue

parent b6dba27a
......@@ -915,6 +915,11 @@ function user_login_submit($form_id, $form_values) {
db_query("UPDATE {users} SET login = %d WHERE uid = %d", time(), $user->uid);
user_module_invoke('login', $form_values, $user);
$old_session_id = session_id();
session_regenerate_id();
db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", session_id(), $old_session_id);
}
}
......
......@@ -915,6 +915,11 @@ function user_login_submit($form_id, $form_values) {
db_query("UPDATE {users} SET login = %d WHERE uid = %d", time(), $user->uid);
user_module_invoke('login', $form_values, $user);
$old_session_id = session_id();
session_regenerate_id();
db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", session_id(), $old_session_id);
}
}
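Review bot: The return value of `session_regenerate_id()` is not checked before the `UPDATE {sessions}` query, so if it returns false the pre-login session id stays in use, the UPDATE is a no-op, and the login completes with the fixation exposure still present. Guard the rename, e.g. `if (session_regenerate_id()) { db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", session_id(), $old_session_id); }`, and log or refuse the login on the failing branch. Separately, `user_module_invoke('login', ...)` runs while the old id is still active; if a login hook redirects or exits (not visible here), the regeneration would be skipped, so placing the three session lines before the hook call looks safer. `user_login_submit` begins outside this hunk, so the condition that encloses these lines could not be reviewed.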
......