diff options
author | Renato Botelho <garga@FreeBSD.org> | 2014-06-17 14:27:45 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-06-17 14:27:45 -0300 |
commit | 3034b371853240299c8510782e4546896710b9b8 (patch) | |
tree | 57e7ad2acc1577a8aa10bfe08e277ea4dd29f289 /etc/inc | |
parent | ff9b30ec40be6d3edb08953083a4c69ec7e73e71 (diff) | |
download | pfsense-3034b371853240299c8510782e4546896710b9b8.zip pfsense-3034b371853240299c8510782e4546896710b9b8.tar.gz |
Add comment I forgot on last commit
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/auth.inc | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index fa57b15..b0051dd 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -1361,6 +1361,7 @@ function session_auth() { $authcfg = auth_get_authserver($config['system']['webgui']['authmode']); if (authenticate_user($_POST['usernamefld'], $_POST['passwordfld'], $authcfg) || authenticate_user($_POST['usernamefld'], $_POST['passwordfld'])) { + // Generate a new id to avoid session fixation session_regenerate_id(); $_SESSION['Logged_In'] = "True"; $_SESSION['Username'] = $_POST['usernamefld']; |