Regenerate session ID helps prevent Session Fixation
ignacionelson committed Jul 30, 2021
1 parent 1d90d54 commit 86b3a9fc782ce0135a1ebc213bc081007a5d24cd
Showing with 3 additions and 0 deletions.
  1. +3 −0 includes/Classes/Auth.php
@@ -49,6 +49,8 @@ private function login($user)
else {
$_SESSION['access'] = 'admin';
}

session_regenerate_id(true);
}

public function authenticate($username, $password)
@@ -399,6 +401,7 @@ public function logout($error_code = null)
header("Cache-control: private");
$_SESSION = array();
session_destroy();
session_regenerate_id(true);

global $hybridauth;
if (!empty($hybridauth)) {
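Review bot: In logout(), the added `session_regenerate_id(true);` runs after `session_destroy();`, when no session is active any more, so by PHP's documented behaviour the call fails (returns false, with a warning on current versions) and the browser keeps the old session cookie. If the aim is to retire the identifier at logout, expire the cookie before `session_destroy();`, e.g. `$p = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);`, or move the regenerate call above the destroy. The call added at the end of login() is the one that addresses fixation; its return value is not checked, and the hunk does not show whether every sign-in path (the `$hybridauth` one, for instance) goes through login(). Both function bodies extend outside the hunks shown.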
