Merge pull request #4 from connortechnology/regenerate_session

On successful login, tell php to regenerate the session id
SteveGilvarry · Jan 12, 2017 · a0958f9 · a0958f9
2 parents 1c948d5 + 794043c
commit a0958f9
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/web/includes/functions.php b/web/includes/functions.php
@@ -56,6 +56,7 @@ function userLogin( $username, $password="", $passwordHashed=false ) {
     if ( ZM_AUTH_TYPE == "builtin" ) {
       $_SESSION['passwordHash'] = $user['Password'];
     }
+    session_regenerate_id();
   } else {
     Warning( "Login denied for user \"$username\"" );
     $_SESSION['loginFailed'] = true;