[core] Force generating of new session on login

This improves security because session ID and token are generated fresh for each user.
2010-09-16 15:19:46 +02:00
parent 08b31439b3
commit f47e0933c3
2 changed files with 4 additions and 1 deletions
--- a/1
+++ b/1
@@ -112,6 +112,7 @@
 - bug #3042665 [parser] Add workaround for MySQL way of handling backtick.
 - bug #3056610 [interface] Removed modification options for information_schema 
 + patch #3055886 [config] Add Left frame table filter visibility config option, thanks to eesau
+- [core] Force generating of new session on login

 3.3.8.0 (not yet released)
 - bug #3059311 [import] BIGINT field type added to table analysis
--- a/libraries/common.inc.php
+++ b/libraries/common.inc.php
@@ -814,6 +814,8 @@ if (! defined('PMA_MINIMUM_COMMON')) {
         */
        require_once './libraries/auth/' . $cfg['Server']['auth_type'] . '.auth.lib.php';
        if (!PMA_auth_check()) {
+            /* Force generating of new session on login */
+            PMA_secureSession();
            PMA_auth();
        } else {
            PMA_auth_set_user();