diff --git a/PHPCI/Controller/SessionController.php b/PHPCI/Controller/SessionController.php
index 8fa9d48b..6ad2681e 100644
--- a/PHPCI/Controller/SessionController.php
+++ b/PHPCI/Controller/SessionController.php
@@ -53,6 +53,7 @@ class SessionController extends \PHPCI\Controller
 $user = $this->userStore->getByEmail($this->getParam('email'));
 if ($user && password_verify($this->getParam('password', ''), $user->getHash())) {
+ session_regenerate_id(true);
 $_SESSION['phpci_user_id'] = $user->getId();
 $response = new b8\Http\Response\RedirectResponse();
 $response->setHeader('Location', $this->getLoginRedirect());
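Review bot: The return value of the added `session_regenerate_id(true);` is ignored, so if regeneration fails (it returns `false`, for example when no session is active or headers were already sent) the next line still stores `phpci_user_id` under the pre-login session ID and the fixation protection is silently lost. I would fail the login in that case, e.g. `if (!session_regenerate_id(true)) { throw new \RuntimeException('Unable to regenerate session ID'); }`, or whatever error path this controller normally uses. A short why-comment above the call would also help, such as `// New session ID on login so a pre-authentication ID cannot be reused (session fixation).` Regeneration keeps the existing session data, so any value written before authentication that `getLoginRedirect()` might read (not visible here) carries over and deserves a look. The enclosing method starts and ends outside this hunk.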