[security] - Cookie session is not renewed or set after authentification
Requirements
The session cookie is being set on the login page prior to user being authenticated. It is wise to either renew it after authentication or to only set it up after logged in.
Descriptive title for this enhancement
[security] - Cookie session is not renewed or set after authentification
Actual behavior
Session cookie is being set prior to user authentication.
Expected behavior
Session cookie renewed or set after logged in method.
Step by step description of new behavior
1.Login 2.Session cookie set or renewed
Benefits
Avoid what we call a Session_Fixation security issue.
Possible Drawbacks
Possible re-writing on how sessions are initiated.
Applicable Issues
None