authorSteven Wittens2006-03-14 01:19:55 +0000
committerSteven Wittens2006-03-14 01:19:55 +0000
commit513068932580a65821736667fcf5e0e6d9e6c386 (patch)
treed43a176bb6ebb87e67b63a1b3a7504adfeb177d5
parent8b12ba7d41d3d1f2d96eff6b6e86dfb8c4b1c65c (diff)
- sa-2006-003: Session fixation issue4.5.8
-rw-r--r--modules/user.module6
1 files changed, 6 insertions, 0 deletions
diff --git a/modules/user.module b/modules/user.module
index ae24c91..658a097 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -792,6 +792,12 @@ function user_login($edit = array(), $msg = '') {
user_module_invoke('login', $edit, $user);
+ if (function_exists('session_regenerate_id')) {
+ $old_session_id = session_id();
+ session_regenerate_id();
+ db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", session_id(), $old_session_id);
+ }
+
// Redirect the user to the page he logged on from.
drupal_goto($edit['destination']);
}
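Review bot: The added block at `if (function_exists('session_regenerate_id'))` fails silently: where the function is missing, login completes on the pre-authentication session ID, and the return value of `session_regenerate_id()` is never checked, so a failed call presumably leaves the ID unchanged and the UPDATE rewrites the row onto itself. Guard the query with the result, `if (session_regenerate_id()) { db_query(...); }`, and log both fall-through cases so an administrator can tell that the ID was not rotated. A comment above the block would keep a later refactor from dropping it, for example `// Rotate the session ID at login so an ID set before authentication is not carried into the authenticated session (sa-2006-003).` The body of user_login starts outside the hunk, so whether anything earlier in the function already touches the session cannot be judged from here.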