Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

request #18377: Regenerate session ID when users sign in

Download Browse

The session cookie used by Tuleap is a hard target for a session fixation attack but it's a good practice to regenerate the session ID when the authentication context changes. You should see that when you sign in or log out a new session cookie is sent by the server. No functional change is expected. Change-Id: I01d1d872dfe944bf1398385cfb4884faac1721fe

+7 −1
Thomas Gerbet (tgerbet) 2020-11-26 18:19
Thomas Gerbet (tgerbet) 2020-11-26 18:19
1a4674c7e6b86e0a68afc0c5fc2a54ec0e01c7b2
dc4dffb194e85415eecbb250d9a781df0f54f6ac
git #tuleap/stable/1a4674c7e6b86e0a68afc0c5fc2a54ec0e01c7b2

Modified Files

Side by side diff
Inline diff
Name
M src/common/User/UserManager.class.php +1 −0 Go to diff View file
M src/common/session/PHP_Session.class.php +6 −1 Go to diff View file