Regenerate the session ID after logging in to avoid Session Fixation attacks
This commit is contained in:
parent
75b2473576
commit
7f37350fab
1 changed files with 2 additions and 0 deletions
|
@ -77,6 +77,8 @@ class Login extends EA_Controller {
|
|||
throw new InvalidArgumentException('Invalid credentials provided, please try again.');
|
||||
}
|
||||
|
||||
$this->session->sess_regenerate();
|
||||
|
||||
session($user_data); // Save data in the session.
|
||||
|
||||
json_response([
|
||||
|
|
Loading…
Reference in a new issue