diff options
| author | Steven Wittens <steven@10.no-reply.drupal.org> | 2006-03-13 21:48:55 +0000 |
|---|---|---|
| committer | Steven Wittens <steven@10.no-reply.drupal.org> | 2006-03-13 21:48:55 +0000 |
| commit | e4a27b8f34a226f9c198bcdaa92cf065da9d83bb (patch) | |
| tree | 1c43af0c5832d05a571953ddea0b0ae260253678 | |
| parent | b6dba27ac22fd34d149d7a1acdfd652f32893743 (diff) | |
| download | brdo-e4a27b8f34a226f9c198bcdaa92cf065da9d83bb.tar.gz brdo-e4a27b8f34a226f9c198bcdaa92cf065da9d83bb.tar.bz2 | |
- sa-2006-003: Session fixation issue
| -rw-r--r-- | modules/user.module | 5 | ||||
| -rw-r--r-- | modules/user/user.module | 5 |
2 files changed, 10 insertions, 0 deletions
diff --git a/modules/user.module b/modules/user.module index 859c6aa9c..069786fa7 100644 --- a/modules/user.module +++ b/modules/user.module @@ -915,6 +915,11 @@ function user_login_submit($form_id, $form_values) { db_query("UPDATE {users} SET login = %d WHERE uid = %d", time(), $user->uid); user_module_invoke('login', $form_values, $user); + + $old_session_id = session_id(); + session_regenerate_id(); + db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", session_id(), $old_session_id); + } } diff --git a/modules/user/user.module b/modules/user/user.module index 859c6aa9c..069786fa7 100644 --- a/modules/user/user.module +++ b/modules/user/user.module @@ -915,6 +915,11 @@ function user_login_submit($form_id, $form_values) { db_query("UPDATE {users} SET login = %d WHERE uid = %d", time(), $user->uid); user_module_invoke('login', $form_values, $user); + + $old_session_id = session_id(); + session_regenerate_id(); + db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", session_id(), $old_session_id); + } } |