deblan/phpci
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Generate an new session identifier on successful login to prevent session fixation attacks.

Browse source
This commit is contained in:
Adirelle 2015-03-08 17:53:27 +01:00 committed by Tobias van Beek
parent 3467e77e74
commit f29ff197c6
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
PHPCI/Controller/SessionController.php
View file

@ -53,6 +53,7 @@ class SessionController extends \PHPCI\Controller
$user = $this->userStore->getByEmail($this->getParam('email'));
if ($user && password_verify($this->getParam('password', ''), $user->getHash())) {
session_regenerate_id(true);
$_SESSION['phpci_user_id'] = $user->getId();
$response = new b8\Http\Response\RedirectResponse();
$response->setHeader('Location', $this->getLoginRedirect());