summaryrefslogtreecommitdiffstats
path: root/modules/user/user.module
diff options
context:
space:
mode:
Diffstat (limited to 'modules/user/user.module')
-rw-r--r--modules/user/user.module2
1 files changed, 2 insertions, 0 deletions
diff --git a/modules/user/user.module b/modules/user/user.module
index 1e689a5..c5cadd6 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -1149,6 +1149,8 @@ function user_pass_reset($uid, $timestamp, $hashed_pass, $action = NULL) {
$user = $account;
// And proceed with normal login, going to user page.
$edit = array();
+ // Regenerate the session ID to prevent against session fixation attacks.
+ sess_regenerate();
user_module_invoke('login', $edit, $user);
drupal_set_message(t('You have just used your one-time login link. It is no longer necessary to use this link to login. Please change your password.'));
drupal_goto('user/'. $user->uid .'/edit');