
MDL-19962 new option for forcing of regeneration of the session id du…

…ring each login request
skodak committed Aug 6, 2009
1 parent 58d1d16 commit b8451e289e677a9122e251905c2c2a80e2ad71e0
Showing with 8 additions and 0 deletions.
  1. +1 −0 admin/settings/security.php
  2. +2 −0 lang/en_utf8/admin.php
  3. +5 −0 lib/moodlelib.php
@@ -65,6 +65,7 @@
$temp->add(new admin_setting_configcheckbox('loginhttps', get_string('loginhttps', 'admin'), get_string('configloginhttps', 'admin'), 0));
$temp->add(new admin_setting_configcheckbox('cookiesecure', get_string('cookiesecure', 'admin'), get_string('configcookiesecure', 'admin'), 0));
$temp->add(new admin_setting_configcheckbox('cookiehttponly', get_string('cookiehttponly', 'admin'), get_string('configcookiehttponly', 'admin'), 0));
+ $temp->add(new admin_setting_configcheckbox('sessionloginreset', get_string('sessionloginreset', 'admin'), get_string('configsessionloginreset', 'admin'), 0));
$ADMIN->add('security', $temp);
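Review bot: The checkbox added here is registered under the name `sessionloginreset`, but the new check in the lib/moodlelib.php hunk reads `$CFG->regenloginsession`, and the strings added in lang/en_utf8/admin.php are keyed `regenloginsession` and `configregenloginsession`. Assuming the setting is stored under the name passed as the first argument, ticking the box would never reach the login code, so the session id would not be regenerated, and the label and help text requested here would not resolve to the new strings. One name should be used in all three files, for example `$temp->add(new admin_setting_configcheckbox('regenloginsession', get_string('regenloginsession', 'admin'), get_string('configregenloginsession', 'admin'), 0));`. The help string also calls the option highly recommended while the default passed here is `0`, so the protection is opt-in; a short comment should record that the default is off for auth-plugin compatibility.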
@@ -208,6 +208,7 @@
$string['configrcachettl'] = 'Time-to-live for cached records, in seconds. Use a short (<15) value here.';
$string['configrecaptchaprivatekey'] = 'String of characters used to communicate between your Moodle server and the server. Obtain one for this site by visiting';
$string['configrecaptchapublickey'] = 'String of characters used to display the reCAPTCHA element in the signup form. Generated by';
+$string['configregenloginsession'] = 'Regeneration of the session id during each login request is highly recommended. This setting might not be compatible with some authentication plugins.';
$string['configrequestedstudentname'] = 'Word for student used in requested courses';
$string['configrequestedstudentsname'] = 'Word for students used in requested courses';
$string['configrequestedteachername'] = 'Word for teacher used in requested courses';
@@ -644,6 +645,7 @@
$string['rcachettl'] = 'Record cache TTL';
$string['recaptchapublickey'] = 'ReCAPTCHA public key';
$string['recaptchaprivatekey'] = 'ReCAPTCHA private key';
+$string['regenloginsession'] = 'Regenerate session id during login';
$string['releasenoteslink'] = 'For information about this version of Moodle, please see the online <a target=\"_blank\" href=\"$a\">Release Notes</a>';
$string['remotelangnotavailable'] = 'Because Moodle can not connect to, we are unable to do language pack installation automatically. Please download the appropriate zip file(s) from the list below, copy them to your $a directory and unzip them manually.';
$string['renameerrors'] = 'Rename errors';
@@ -3232,6 +3232,11 @@ function complete_user_login($user) {
$USER = $user; // this is required because we need to access preferences here!
+ if (!empty($CFG->regenloginsession)) {
+ // please note this setting may break some auth plugins
+ session_regenerate_id();
+ }
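Review bot: `session_regenerate_id()` is called without its delete-old-session argument, so the record stored under the pre-login id is left in the session store until it expires. If the session handler in use supports it, `session_regenerate_id(true);` is the stricter form for a session-fixation defence. The inline comment states the side effect but not the purpose; something like `// regenerate the session id at login to prevent session fixation; may break some auth plugins` would tell a maintainer why the call must not be removed. The body of complete_user_login() starts and ends outside the hunk, so whether `$CFG` is declared global in it cannot be confirmed from here.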
