diff options
| author | Renato Botelho <garga@FreeBSD.org> | 2014-06-17 14:26:50 -0300 |
|---|---|---|
| committer | Renato Botelho <garga@FreeBSD.org> | 2014-06-17 14:26:50 -0300 |
| commit | ff9b30ec40be6d3edb08953083a4c69ec7e73e71 (patch) | |
| tree | a1d8fb986af45e5af44f7088352361724dc8fefd | |
| parent | 62480a449efcbce74a48fbe7064193acd0290650 (diff) | |
| download | pfsense-ff9b30ec40be6d3edb08953083a4c69ec7e73e71.zip pfsense-ff9b30ec40be6d3edb08953083a4c69ec7e73e71.tar.gz | |
Re-generate session ID on a successful login to avoid session fixation
| -rw-r--r-- | etc/inc/auth.inc | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index 6835c71..fa57b15 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -1361,6 +1361,7 @@ function session_auth() { $authcfg = auth_get_authserver($config['system']['webgui']['authmode']); if (authenticate_user($_POST['usernamefld'], $_POST['passwordfld'], $authcfg) || authenticate_user($_POST['usernamefld'], $_POST['passwordfld'])) { + session_regenerate_id(); $_SESSION['Logged_In'] = "True"; $_SESSION['Username'] = $_POST['usernamefld']; $_SESSION['last_access'] = time(); |
