prevent session fixation attacks
aheinze committed Sep 26, 2021
1 parent 54423fc commit 0c6628cbff3e49bc317c97b03a4666b3a75f76cc
Showing with 5 additions and 0 deletions.
  1. +5 −0 modules/Cockpit/module/auth.php
@@ -47,6 +47,8 @@
'setUser' => function($user, $permanent = true) use($app) {

if ($permanent) {
// prevent session fixation attacks
session_regenerate_id(true);
$app('session')->write('cockpit.app.auth', $user);
}

@@ -73,6 +75,9 @@
'logout' => function() use($app) {
$app->trigger('cockpit.account.logout', [$this->getUser()]);
$app('session')->delete('cockpit.app.auth');

// prevent session fixation attacks
session_regenerate_id(true);
},

'hasaccess' => function($resource, $action, $group = null) use($app) {
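Review bot: The return value of `session_regenerate_id(true)` in `setUser` is ignored, so when regeneration fails (it returns false if no session is active or headers have already been sent) the user is still written under the pre-login session ID and the fixation defence silently does not apply. I would gate the write on it, for example `if (session_status() !== PHP_SESSION_ACTIVE || !session_regenerate_id(true)) { /* refuse or log */ }` ahead of `$app('session')->write('cockpit.app.auth', $user);`; whether the session is always started by this point is not visible from the hunk. In `logout` only the `cockpit.app.auth` key is deleted before the ID is rotated, so any other data held in the session carries over to the new ID; if nothing has to survive logout, clearing the whole session there would be the stricter choice. Both closures start or continue outside the hunks shown.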
