AS1024
/
Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Regenerate session ID after successful authentication 

Closes #5141
This commit is contained in:
Frédéric Guillot 2023-04-10 21:36:31 -07:00 committed by Frédéric Guillot
parent 4adb93c1a6
commit ae7bc0b74d
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/Core/User/UserSession.php
View File

@ -44,6 +44,10 @@ class UserSession extends Base
$user['is_ldap_user'] = isset($user['is_ldap_user']) ? (bool) $user['is_ldap_user'] : false;
$user['twofactor_activated'] = isset($user['twofactor_activated']) ? (bool) $user['twofactor_activated'] : false;
if (session_status() === PHP_SESSION_ACTIVE) {
session_regenerate_id(true);
}
session_set('user', $user);
session_set('postAuthenticationValidated', false);
}