authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-08-31 11:35:53 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-08-31 11:35:53 +0000
commitcfcb03d40034bd9a122eac309e149d7af7b44893 (patch)
tree0c2914a9ce46bd6ce9619a68d155a261af29f303 /engine/lib
parent977a543b3e12ae648ea958589a5d6f613421b06b (diff)
Regenerates session ID on user login. This helps prevent some hijacking attacks.
git-svn-id: https://code.elgg.org/elgg/trunk@2046 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/sessions.php5
1 files changed, 4 insertions, 1 deletions
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index 92aeb92a2..c6ae6f8d4 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -127,7 +127,10 @@
unset($_SESSION['user']);
setcookie("elggperm", "", (time()-(86400 * 30)),"/");
return false;
- }
+ }
+
+ // Users privilege has been elevated, so change the session id (help prevent session hijacking)
+ session_regenerate_id();
return true;
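Review bot: The added `session_regenerate_id();` call ignores its return value and keeps the old session's stored data, so the fixation case this commit targets is only partly closed. If regeneration fails (PHP returns false, for example once headers have already been sent), execution still reaches `return true;` and the user stays logged in under the pre-login ID. Calling `session_regenerate_id(true);` also deletes the old session's data instead of leaving it reachable under the old ID until garbage collection. The result should be checked, and a failure probably handled like the branch above that clears the session and returns false. The enclosing function starts and ends outside the hunk, so whether a session is always active at this point cannot be confirmed from here.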