From aaf236aebebec53b6c5231956175b0badddcfc5e Mon Sep 17 00:00:00 2001
From: Thibault Dockx <thibault.dockx@fusiondirectory.org>
Date: Tue, 11 Mar 2025 10:16:41 +0000
Subject: [PATCH] :ambulance: (login) - session fix security

Security purposes - regen session id
---
 include/login/class_LoginMethod.inc | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/include/login/class_LoginMethod.inc b/include/login/class_LoginMethod.inc
index 9ea359ef1..b818bd596 100755
--- a/include/login/class_LoginMethod.inc
+++ b/include/login/class_LoginMethod.inc
@@ -160,8 +160,7 @@ class LoginMethod
     $ui = session::get('ui');
 
     // Create new session ID in order to have session_fixation security issues after success login
-    echo 'before_refreshing_id';
-    //session_regenerate_id();
+    session_regenerate_id();
 
     /* Not account expired or password forced change go to main page */
     logging::log('security', 'login', $ui->uid, [], 'Logged in successfully');
-- 
GitLab