Regenerate the session ID after logging in to avoid Session Fixation attacks

This commit is contained in:
Alex Tselegidis 2023-04-15 14:46:30 +02:00
parent 75b2473576
commit 7f37350fab

View file

@ -76,6 +76,8 @@ class Login extends EA_Controller {
{
throw new InvalidArgumentException('Invalid credentials provided, please try again.');
}
$this->session->sess_regenerate();
session($user_data); // Save data in the session.