From cda45ddb3028850abee4af497002f529b2fea667 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Guillot?= Date: Fri, 26 May 2023 17:58:10 -0700 Subject: [PATCH] Avoid PHP warning caused by session_regenerate_id() Fixes #5268 --- app/Core/User/UserSession.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/Core/User/UserSession.php b/app/Core/User/UserSession.php index 07d3646a2..d3b14d3ae 100644 --- a/app/Core/User/UserSession.php +++ b/app/Core/User/UserSession.php @@ -45,7 +45,8 @@ class UserSession extends Base $user['twofactor_activated'] = isset($user['twofactor_activated']) ? (bool) $user['twofactor_activated'] : false; if (session_status() === PHP_SESSION_ACTIVE) { - session_regenerate_id(true); + // Note: Do not delete the old session to avoid possible race condition and a PHP warning. + session_regenerate_id(false); } session_set('user', $user);