From 7f37350fab9d729a9350d96369ff0f453cf7b840 Mon Sep 17 00:00:00 2001 From: Alex Tselegidis Date: Sat, 15 Apr 2023 14:46:30 +0200 Subject: [PATCH] Regenerate the session ID after logging in to avoid Session Fixation attacks --- application/controllers/Login.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/application/controllers/Login.php b/application/controllers/Login.php index 8cb50972..bb627b75 100644 --- a/application/controllers/Login.php +++ b/application/controllers/Login.php @@ -76,6 +76,8 @@ class Login extends EA_Controller { { throw new InvalidArgumentException('Invalid credentials provided, please try again.'); } + + $this->session->sess_regenerate(); session($user_data); // Save data in the session.