Merge branch '3.6' into 3.7

Serge Latyntcev 2019-09-24 14:26:53 +12:00
commit e7469dadb0


@ -726,6 +726,12 @@ class Security extends Controller implements TemplateGlobalProvider {
$curMember->logOut(); $curMember->logOut();
} }
if (!headers_sent()) {
// To avoid a potential session fixation attack
// we're refreshing the session id so that it's
// always new and random for every authentication
session_regenerate_id(true);
}
// Store the hash for the change password form. Will be unset after reload within the ChangePasswordForm. // Store the hash for the change password form. Will be unset after reload within the ChangePasswordForm.
Session::set('AutoLoginHash', $member->encryptWithUserSettings($_REQUEST['t'])); Session::set('AutoLoginHash', $member->encryptWithUserSettings($_REQUEST['t']));
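Review bot: When headers have already been sent, the added `if (!headers_sent())` guard skips `session_regenerate_id(true)` without any trace, and execution still reaches `Session::set('AutoLoginHash', …)`, so on that path the hash is stored under the pre-existing session id and the fixation defence is not applied. The return value of `session_regenerate_id()` is also discarded, so a failed regeneration (for example when no session is active) is indistinguishable from success. At minimum the skipped case should be visible to operators, e.g. `} else { trigger_error('Session id not regenerated: headers already sent', E_USER_WARNING); }`, and ideally the method would stop before storing the hash instead of continuing. The enclosing method starts and ends outside this hunk, so whether a session is guaranteed to be active here cannot be confirmed from the visible lines.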