From e4a27b8f34a226f9c198bcdaa92cf065da9d83bb Mon Sep 17 00:00:00 2001
From: Steven Wittens <steven@10.no-reply.drupal.org>
Date: Mon, 13 Mar 2006 21:48:55 +0000
Subject: [PATCH] - sa-2006-003: Session fixation issue

---
 modules/user.module      | 5 +++++
 modules/user/user.module | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/modules/user.module b/modules/user.module
index 859c6aa9c97e..069786fa74d3 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -915,6 +915,11 @@ function user_login_submit($form_id, $form_values) {
     db_query("UPDATE {users} SET login = %d WHERE uid = %d", time(), $user->uid);
 
     user_module_invoke('login', $form_values, $user);
+
+    $old_session_id = session_id();
+    session_regenerate_id();
+    db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", session_id(), $old_session_id);
+
   }
 }
 
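Review bot: The return value of `session_regenerate_id()` is ignored in the lines added after `user_module_invoke('login', ...)`, so if regeneration fails (which may happen when the new cookie cannot be sent) the pre-login session ID stays bound to the now-authenticated user and the `UPDATE {sessions}` is a silent no-op. Consider guarding it, e.g. `if (!session_regenerate_id() || session_id() == $old_session_id) { watchdog('user', 'Session ID could not be regenerated at login.'); }`, and adding a comment above the block such as `// Regenerate the session ID at login to prevent session fixation (sa-2006-003).` so the ordering is not "cleaned up" later. The same applies to the identical hunk in modules/user/user.module. `user_login_submit()` begins above this hunk, so whether other code paths that authenticate a user also regenerate the ID cannot be verified from here.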
diff --git a/modules/user/user.module b/modules/user/user.module
index 859c6aa9c97e..069786fa74d3 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -915,6 +915,11 @@ function user_login_submit($form_id, $form_values) {
     db_query("UPDATE {users} SET login = %d WHERE uid = %d", time(), $user->uid);
 
     user_module_invoke('login', $form_values, $user);
+
+    $old_session_id = session_id();
+    session_regenerate_id();
+    db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", session_id(), $old_session_id);
+
   }
 }
 
-- 
GitLab