From cfcb03d40034bd9a122eac309e149d7af7b44893 Mon Sep 17 00:00:00 2001
From: marcus
Date: Sun, 31 Aug 2008 11:35:53 +0000
Subject: Regenerates session ID on user login. This helps prevent some hijacking attacks.
git-svn-id: https://code.elgg.org/elgg/trunk@2046 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/sessions.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'engine/lib')
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index 92aeb92a2..c6ae6f8d4 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -127,7 +127,10 @@
 unset($_SESSION['user']);
 setcookie("elggperm", "", (time()-(86400 * 30)),"/");
 return false;
- }
+ }
+
+ // Users privilege has been elevated, so change the session id (help prevent session hijacking)
+ session_regenerate_id();
 return true;
--
cgit v1.2.3
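Review bot: The added `session_regenerate_id();` is called without its `delete_old_session` argument, so the session record stored under the pre-login ID is not removed when the new ID is issued; `session_regenerate_id(true);` would discard it, which is the usual form at a privilege change. The return value is also ignored, so if regeneration fails the function still reaches `return true;` with the old ID in use, and a check or at least a log entry on a `false` result would make that visible. The comment could state the threat more precisely, for example `// Login changes the privilege level: issue a fresh session ID so an ID set or captured before authentication stops being valid.` The enclosing function starts and ends outside the hunk, so whether other session state (such as the `elggperm` cookie seen in the failure branch) also needs rotating cannot be judged from here.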