From 97838fbaad60b3a126f7bec6cc1dc048bc3e35e9 Mon Sep 17 00:00:00 2001
From: Adirelle
Date: Sun, 8 Mar 2015 17:53:27 +0100
Subject: [PATCH] Generate an new session identifier on successful login to prevent session fixation attacks.

---
 PHPCI/Controller/SessionController.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/PHPCI/Controller/SessionController.php b/PHPCI/Controller/SessionController.php
index 8fa9d48b..6ad2681e 100644
--- a/PHPCI/Controller/SessionController.php
+++ b/PHPCI/Controller/SessionController.php
@@ -53,6 +53,7 @@ class SessionController extends \PHPCI\Controller
 $user = $this->userStore->getByEmail($this->getParam('email'));
 
 if ($user && password_verify($this->getParam('password', ''), $user->getHash())) {
+ session_regenerate_id(true);
 $_SESSION['phpci_user_id'] = $user->getId();
 $response = new b8\Http\Response\RedirectResponse();
 $response->setHeader('Location', $this->getLoginRedirect());
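Review bot: The return value of `session_regenerate_id(true)` on the added line is ignored, so if no session is active at that point (the call then emits a warning and returns false) the login proceeds on the pre-existing identifier and the fixation protection silently does nothing. The next line already writes to `$_SESSION`, so a started session is presumably assumed here, but that is established outside the hunk; failing closed keeps the guarantee explicit: `if (!session_regenerate_id(true)) { throw new \RuntimeException('Could not regenerate session id'); }`. A short comment stating the intent would also help the next reader, e.g. `// Rotate the session id at privilege change so a pre-login id cannot be reused (session fixation).` Passing `true` destroys the old session data immediately, so a concurrent request still carrying the old cookie will see an empty session; that is a known trade-off worth noting in the comment. The enclosing method starts and ends outside the hunk.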