Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Regenerate the sessionID after login.
This is to prevent attacks where someone starts a session on a public computer, notes the session ID, then when another user logs in (with the same sessionID), the first user is able to hijack the session. This way each login results in a new session ID, so anyone snooping the old ID is out of luck.
- Loading branch information