-rwxr-xr-xdocs/CHANGELOG1
-rw-r--r--modules/vauth/session.lib.php3
2 files changed, 4 insertions, 0 deletions
diff --git a/docs/CHANGELOG b/docs/CHANGELOG
index 8b1236ad..156175dd 100755
--- a/docs/CHANGELOG
+++ b/docs/CHANGELOG
@@ -4,6 +4,7 @@
--------------------------------------------------------------------------
v.3.4-Alpha2
+ - Fixed a session fixation issue
- Fixed Album Disk support for OGG's and added display to browse
albums
- Added Album Disk support for id3v2 (Thx Hugo Haas)
diff --git a/modules/vauth/session.lib.php b/modules/vauth/session.lib.php
index 0d554c60..26c6997c 100644
--- a/modules/vauth/session.lib.php
+++ b/modules/vauth/session.lib.php
@@ -196,6 +196,9 @@ function vauth_session_cookie() {
* of data
*/
function vauth_session_create($data) {
+
+ // Regenerate the session ID to prevent fixation
+ session_regenerate_id();
/* function that creates the cookie for us */
vauth_session_cookie();
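Review bot: The result of `session_regenerate_id()` is discarded, and the call is placed before `vauth_session_cookie()`, which the next comment describes as creating the cookie. If that helper is also what starts the session (its body is not in this hunk), the regenerate call runs with no active session, returns false, and the pre-login session ID stays in use. I would move the call to after the session is started, pass the delete flag so the old session record is removed rather than left readable under the old ID, and check the result: `if (!session_regenerate_id(true)) { /* treat as a failed login */ }`. The body of vauth_session_create continues outside the hunk, so the right way to report that failure needs to be confirmed against the rest of the function.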