Regenerate the session ID after logging in to avoid Session Fixation attacks

This commit is contained in:
Alex Tselegidis 2023-04-15 14:46:30 +02:00
parent 75b2473576
commit 7f37350fab

View file

@ -77,6 +77,8 @@ class Login extends EA_Controller {
throw new InvalidArgumentException('Invalid credentials provided, please try again.'); throw new InvalidArgumentException('Invalid credentials provided, please try again.');
} }
$this->session->sess_regenerate();
session($user_data); // Save data in the session. session($user_data); // Save data in the session.
json_response([ json_response([