From c6393c87714cab458aaba5e652f42504a2b25293 Mon Sep 17 00:00:00 2001 From: Arinerron Date: Sun, 26 Feb 2017 17:30:36 -0800 Subject: [PATCH] Patch session fixation vuln Here's the documentation for that function: http://php.net/manual/en/function.session-regenerate-id.php And here's about session fixation: https://www.owasp.org/index.php/Session_fixation --- web/login/index.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/web/login/index.php b/web/login/index.php index 9edcfbb78..bc9842edf 100644 --- a/web/login/index.php +++ b/web/login/index.php @@ -79,7 +79,9 @@ if (isset($_POST['user']) && isset($_POST['password'])) { else { $_SESSION['language'] = 'en'; } - + + // Regenerate session id to prevent session fixation + session_regenerate_id(); // Redirect request to control panel interface if (!empty($_SESSION['request_uri'])) {
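Review bot: The added `session_regenerate_id();` call relies on the default `delete_old_session = false`, so the pre-login session record stays in the session store under the old identifier instead of being destroyed. On PHP versions that write the current `$_SESSION` contents back to the old ID during regeneration, that record may carry the authenticated state if the user key is set above this hunk; the enclosing `if (isset($_POST['user']) && isset($_POST['password']))` block starts and ends outside the hunk, so this needs confirming. Passing the flag closes that gap: `session_regenerate_id(true);`. The boolean return value is also ignored, so a failed regeneration would continue to the redirect with the original ID; checking it and aborting the login on `false` would be safer.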