sync of fix to 3.4

author: Karl 'vollmerk' Vollmer <vollmer@ampache.org> 2007-08-19 06:55:02 +0000
committer: Karl 'vollmerk' Vollmer <vollmer@ampache.org> 2007-08-19 06:55:02 +0000
commit: f92b79ec098ad56690dce0c615a25dcac3955fba (patch)
tree: 015f30e8182274fcc91a5c2d7ae3a248590afd21
parent: a1961111ef936899351924bdb97e1b5d2e3687ec (diff)
download: ampache-f92b79ec098ad56690dce0c615a25dcac3955fba.tar.gz
ampache-f92b79ec098ad56690dce0c615a25dcac3955fba.tar.bz2
ampache-f92b79ec098ad56690dce0c615a25dcac3955fba.zip
2 files changed, 4 insertions, 0 deletions
diff --git a/docs/CHANGELOG b/docs/CHANGELOG
index 8b1236ad..156175dd 100755
--- a/docs/CHANGELOG
+++ b/docs/CHANGELOG
@@ -4,6 +4,7 @@
 
 --------------------------------------------------------------------------
   v.3.4-Alpha2 
+  	- Fixed a session fixation issue
   	- Fixed Album Disk support for OGG's and added display to browse
 		albums
   	- Added Album Disk support for id3v2 (Thx Hugo Haas)
diff --git a/modules/vauth/session.lib.php b/modules/vauth/session.lib.php
index 0d554c60..26c6997c 100644
--- a/modules/vauth/session.lib.php
+++ b/modules/vauth/session.lib.php
@@ -196,6 +196,9 @@ function vauth_session_cookie() {
  * of data
  */
 function vauth_session_create($data) { 
+	
+	// Regenerate the session ID to prevent fixation
+	session_regenerate_id();
 
 	/* function that creates the cookie for us */
 	vauth_session_cookie();
author	Karl 'vollmerk' Vollmer <vollmer@ampache.org>	2007-08-19 06:55:02 +0000
committer	Karl 'vollmerk' Vollmer <vollmer@ampache.org>	2007-08-19 06:55:02 +0000
commit	f92b79ec098ad56690dce0c615a25dcac3955fba (patch)
tree	015f30e8182274fcc91a5c2d7ae3a248590afd21
parent	a1961111ef936899351924bdb97e1b5d2e3687ec (diff)
download	ampache-f92b79ec098ad56690dce0c615a25dcac3955fba.tar.gz ampache-f92b79ec098ad56690dce0c615a25dcac3955fba.tar.bz2 ampache-f92b79ec098ad56690dce0c615a25dcac3955fba.zip