Regenerate session id on login to avoid session fixation attacks

AI-assistant: Copilot v1.0.7 (Claude Opus 4.6) Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
2026-05-21 10:50:10 +00:00 · 2026-03-31 23:54:56 +02:00
parent bb4790ed3a
commit f9e6339044
1 changed files with 1 additions and 0 deletions
--- a/php/src/Auth/AuthManager.php
+++ b/php/src/Auth/AuthManager.php
@@ -26,6 +26,7 @@ readonly class AuthManager {
    public function SetAuthState(bool $isLoggedIn) : void {

        if (!$this->IsAuthenticated() && $isLoggedIn === true) {
+            session_regenerate_id(true);
            $date = new DateTime();
            $dateTime = $date->getTimestamp();
            $_SESSION['date_time'] = $dateTime;