stable
Clone or download
Read-only
request #18377: Regenerate session ID when users sign in
The session cookie used by Tuleap is a hard target for a session fixation attack but it's a good practice to regenerate the session ID when the authentication context changes. You should see that when you sign in or log out a new session cookie is sent by the server. No functional change is expected. Change-Id: I01d1d872dfe944bf1398385cfb4884faac1721fe
Modified Files
Name | ||||
---|---|---|---|---|
M | src/common/User/UserManager.class.php | +1 | −0 | Go to diff View file |
M | src/common/session/PHP_Session.class.php | +6 | −1 | Go to diff View file |