daenamnu/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2026-05-28 06:20:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7839 from nextcloud/regenerate-session-id

Browse Source 
aio-interface: regenerate session id on login to avoid session fixation attacks
This commit is contained in:
Simon L.
2026-04-02 10:24:40 +02:00
committed by GitHub
parent 1bbda0a5ce f9e6339044
commit 2eeada43b5
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
php/src/Auth/AuthManager.php
View File

@@ -26,6 +26,7 @@ readonly class AuthManager {
public function SetAuthState(bool $isLoggedIn) : void {
if (!$this->IsAuthenticated() && $isLoggedIn === true) {
session_regenerate_id(true);
$date = new DateTime();
$dateTime = $date->getTimestamp();
$_SESSION['date_time'] = $dateTime;