From 65e98f40867862eb345676e23b633b9f52109d30 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Mon, 15 Oct 2018 15:47:50 +0300
Subject: force regenerate session id on successful login, remove previous
 blank SID check

---
 include/functions.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'include/functions.php')

diff --git a/include/functions.php b/include/functions.php
index d88e96dd6..3cd21969d 100755
--- a/include/functions.php
+++ b/include/functions.php
@@ -712,7 +712,14 @@
 			}
 
 			if ($user_id && !$check_only) {
-				@session_start();
+
+				if (session_status() != PHP_SESSION_NONE) {
+					session_destroy();
+					session_commit();
+				}
+
+				session_start();
+				session_regenerate_id(true);
 
 				$_SESSION["uid"] = $user_id;
 				$_SESSION["version"] = VERSION_STATIC;
-- 
cgit v1.2.3