From: cajus <cajus@594d385d-05f5-0310-b6e9-bd551577e9d8>
Date: Mon, 21 Apr 2008 06:59:55 +0000 (+0000)
Subject: Added session ID regeneration
X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=486c1f58fd44059951086ab9aca7586c679d8e26;p=gosa.git

Added session ID regeneration


git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@10572 594d385d-05f5-0310-b6e9-bd551577e9d8
---

diff --git a/gosa-core/include/class_session.inc b/gosa-core/include/class_session.inc
index 1127f6a2b..4773fe17d 100644
--- a/gosa-core/include/class_session.inc
+++ b/gosa-core/include/class_session.inc
@@ -73,6 +73,12 @@ class session {
 		   the php.ini, so if you use debian, you must hardcode session.gc_maxlifetime in your php.ini */
 		ini_set("session.gc_maxlifetime",24*60*60);
 		session_start();
+
+    /* Regenerate ID to increase security */
+    if (!isset($_SESSION['started'])){
+      session_regenerate_id();
+      $_SESSION['started'] = true;
+    }
 	}
 
 	public static function destroy()