github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-19 21:04:07 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Patch session fixation vuln

Browse source 
Here's the documentation for that function:
http://php.net/manual/en/function.session-regenerate-id.php

And here's about session fixation:
https://www.owasp.org/index.php/Session_fixation
This commit is contained in:
Arinerron 2017-02-26 17:30:36 -08:00 committed by GitHub
commit c6393c8771
1 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
web/login/index.php
View file

@ -79,7 +79,9 @@ if (isset($_POST['user']) && isset($_POST['password'])) {
else { else {
$_SESSION['language'] = 'en'; $_SESSION['language'] = 'en';
} }
// Regenerate session id to prevent session fixation
session_regenerate_id();
// Redirect request to control panel interface // Redirect request to control panel interface
if (!empty($_SESSION['request_uri'])) { if (!empty($_SESSION['request_uri'])) {