Regenerate the session ID after logging in to avoid Session Fixation attacks
This commit is contained in:
parent
75b2473576
commit
7f37350fab
1 changed files with 2 additions and 0 deletions
|
@ -76,6 +76,8 @@ class Login extends EA_Controller {
|
||||||
{
|
{
|
||||||
throw new InvalidArgumentException('Invalid credentials provided, please try again.');
|
throw new InvalidArgumentException('Invalid credentials provided, please try again.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$this->session->sess_regenerate();
|
||||||
|
|
||||||
session($user_data); // Save data in the session.
|
session($user_data); // Save data in the session.
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue