From 486c1f58fd44059951086ab9aca7586c679d8e26 Mon Sep 17 00:00:00 2001 From: cajus Date: Mon, 21 Apr 2008 06:59:55 +0000 Subject: [PATCH] Added session ID regeneration git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@10572 594d385d-05f5-0310-b6e9-bd551577e9d8 --- gosa-core/include/class_session.inc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/gosa-core/include/class_session.inc b/gosa-core/include/class_session.inc index 1127f6a2b..4773fe17d 100644 --- a/gosa-core/include/class_session.inc +++ b/gosa-core/include/class_session.inc @@ -73,6 +73,12 @@ class session { the php.ini, so if you use debian, you must hardcode session.gc_maxlifetime in your php.ini */ ini_set("session.gc_maxlifetime",24*60*60); session_start(); + + /* Regenerate ID to increase security */ + if (!isset($_SESSION['started'])){ + session_regenerate_id(); + $_SESSION['started'] = true; + } } public static function destroy() -- 2.30.2