diff options
| author | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-08-31 11:35:53 +0000 |
|---|---|---|
| committer | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-08-31 11:35:53 +0000 |
| commit | cfcb03d40034bd9a122eac309e149d7af7b44893 (patch) | |
| tree | 0c2914a9ce46bd6ce9619a68d155a261af29f303 /engine/lib/sessions.php | |
| parent | 977a543b3e12ae648ea958589a5d6f613421b06b (diff) | |
| download | elgg-cfcb03d40034bd9a122eac309e149d7af7b44893.tar.gz elgg-cfcb03d40034bd9a122eac309e149d7af7b44893.tar.bz2 | |
Regenerates session ID on user login. This helps prevent some hijacking attacks.
git-svn-id: https://code.elgg.org/elgg/trunk@2046 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib/sessions.php')
| -rw-r--r-- | engine/lib/sessions.php | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php index 92aeb92a2..c6ae6f8d4 100644 --- a/engine/lib/sessions.php +++ b/engine/lib/sessions.php @@ -127,7 +127,10 @@ unset($_SESSION['user']);
setcookie("elggperm", "", (time()-(86400 * 30)),"/");
return false;
- }
+ } + + // Users privilege has been elevated, so change the session id (help prevent session hijacking) + session_regenerate_id();
return true;
|