[security] - Cookie session is not renewed or set after authentification

Requirements

The session cookie is being set on the login page prior to user being authenticated. It is wise to either renew it after authentication or to only set it up after logged in.

Descriptive title for this enhancement

[security] - Cookie session is not renewed or set after authentification

Actual behavior

Session cookie is being set prior to user authentication.

Expected behavior

Session cookie renewed or set after logged in method.

Step by step description of new behavior

1.Login 2.Session cookie set or renewed

Benefits

Avoid what we call a Session_Fixation security issue.

Possible Drawbacks

Possible re-writing on how sessions are initiated.

Applicable Issues

None