#2870 - session fixation
abrookbanks committed May 20, 2021
1 parent 99d5c50 commit aac7b3a
Showing 3 changed files with 9 additions and 0 deletions.
1 change: 1 addition & 0 deletions classes/admin.class.php
Expand Up @@ -349,6 +349,7 @@ private function _authenticate($username, $password)
if ($result) {
if (!$GLOBALS['session']->blocked()) {
$this->_logged_in = true;
$GLOBALS['session']->regenerateSessionId();
$update = array(
'blockTime' => 0,
'browser' => htmlspecialchars($_SERVER['HTTP_USER_AGENT']),
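Review bot: `$this->_logged_in = true;` is recorded before `$GLOBALS['session']->regenerateSessionId();` runs and nothing inspects the outcome of the regeneration, so if the id is not actually rotated (session_regenerate_id() returns false when a session is not active or output has already started) the admin login still completes on the pre-authentication session id. The call at the same position in user.class.php discards the result in the same way. Rotating first — `$GLOBALS['session']->regenerateSessionId();` followed by `$this->_logged_in = true;` — and having regenerateSessionId() return the boolean from session_regenerate_id() would let this branch refuse the login when the id was not replaced. _authenticate() starts and ends outside the hunk.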
7 changes: 7 additions & 0 deletions classes/session.class.php
Expand Up @@ -528,6 +528,13 @@ public function isEmpty($name, $namespace)
return empty($_SESSION[$namespace][$name]);
}

public function regenerateSessionId() {
$old_session = $this->getId();
session_regenerate_id();
Database::getInstance()->update('CubeCart_sessions', array('session_id' => $this->getId()), array('session_id' => $old_session), false);
$this->set_cookie(session_name(), session_id(), time()+$this->_session_timeout);
}

/**
* Set a session value to something
*
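Review bot: `session_regenerate_id();` in regenerateSessionId() is called without the delete_old_session argument, so unless a custom save handler is installed the old session stays valid in PHP's own store until garbage collection even though the CubeCart_sessions row is moved to the new id; for a fixation fix it should be `session_regenerate_id(true);`. Its return value is also dropped: when it returns false, `$old_session` and the new id are identical, the database update on the next line matches nothing useful and the callers cannot tell the id was never rotated, so returning that boolean (`return session_regenerate_id(true);` placed before the update, or a flag checked after it) would be more useful. The method also mixes `$this->getId()` and `session_id()` for the same value, and unlike `isEmpty()` and the `Set a session value` method below it carries no docblock; a one-line `/** Rotate the session id after a privilege change, move the CubeCart_sessions row to the new id and re-issue the cookie. */` would match the file.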
1 change: 1 addition & 0 deletions classes/user.class.php
Expand Up @@ -275,6 +275,7 @@ public function authenticate($username, $password, $remember = false, $from_cook
}
if (!$GLOBALS['session']->blocked()) {
// possibly replaceable with session_set_save_handler?
$GLOBALS['session']->regenerateSessionId();
$GLOBALS['db']->update('CubeCart_sessions', array('customer_id' => $user[0]['customer_id']), array('session_id' => $GLOBALS['session']->getId()));
$GLOBALS['db']->update('CubeCart_cookie_consent', array('customer_id' => $user[0]['customer_id']), array('session_id' => $GLOBALS['session']->getId()));
$GLOBALS['session']->set('language', $user[0]['language'], 'client');
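Review bot: regenerateSessionId() migrates only the CubeCart_sessions row to the new id, but the two updates that follow the new call both match on `'session_id' => $GLOBALS['session']->getId()`, which is now the new id; a CubeCart_cookie_consent row written earlier in the visit under the old id will no longer match, so the customer_id is presumably not attached to it — confirm against where consent rows are created. Either migrate that table inside regenerateSessionId() next to the CubeCart_sessions update, `Database::getInstance()->update('CubeCart_cookie_consent', array('session_id' => $this->getId()), array('session_id' => $old_session), false);`, or capture the id before the rotation and use it for the consent update. authenticate() continues outside the hunk.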
