[core] Force generating of new session on login
This improves security because session ID and token are generated fresh for each user.
This commit is contained in:
Michal Čihař
@@ -112,6 +112,7 @@
|
||||
- bug #3042665 [parser] Add workaround for MySQL way of handling backtick.
|
||||
- bug #3056610 [interface] Removed modification options for information_schema
|
||||
+ patch #3055886 [config] Add Left frame table filter visibility config option, thanks to eesau
|
||||
- [core] Force generating of new session on login
|
||||
|
||||
3.3.8.0 (not yet released)
|
||||
- bug #3059311 [import] BIGINT field type added to table analysis
|
||||
|
||||
@@ -814,6 +814,8 @@ if (! defined('PMA_MINIMUM_COMMON')) {
|
||||
*/
|
||||
require_once './libraries/auth/' . $cfg['Server']['auth_type'] . '.auth.lib.php';
|
||||
if (!PMA_auth_check()) {
|
||||
/* Force generating of new session on login */
|
||||
PMA_secureSession();
|
||||
PMA_auth();
|
||||
} else {
|
||||
PMA_auth_set_user();
|
||||
@@ -975,7 +977,7 @@ PMA_Tracker::enable();
|
||||
* @global boolean $GLOBALS['is_ajax_request']
|
||||
* @todo should this be moved to the variables init section above?
|
||||
*
|
||||
* Check if the current request is an AJAX request, and set is_ajax_request
|
||||
* Check if the current request is an AJAX request, and set is_ajax_request
|
||||
* accordingly. Suppress headers, footers and unnecessary output if set to
|
||||
* true
|
||||
*/
|
||||
|
||||
Reference in New Issue
Block a user