| author | 2025-08-30 21:40:00 +0200 | |
|---|---|---|
| committer | 2025-08-30 21:40:00 +0200 | |
| commit | 200eafb352f807bd70592b2ccc06745017328a85 (patch) | |
| tree | f06f77ee648d3e9a421346bf9749893a8cd01607 /app | |
| parent | 585875cda7e3e261062a9b4f9d836bd8671b838e (diff) | |
Regenerate session ID on login (#7829)
Follow-up to #7762
* Regenerate session ID on login
* Send only one cookie
* Improvements
* Delete old session file
* Simplify
* Make function consistent with others
Diffstat (limited to 'app')
| -rw-r--r-- | app/Controllers/authController.php | 10 | ||||
| -rw-r--r-- | app/Controllers/userController.php | 5 |
2 files changed, 5 insertions, 10 deletions
diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php
index 6b8d924d6..453851d22 100644
--- a/app/Controllers/authController.php
+++ b/app/Controllers/authController.php
@@ -152,6 +152,7 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
 );
 if ($ok) {
 // Set session parameter to give access to the user.
+ Minz_Session::regenerateID('FreshRSS');
 Minz_Session::_params([
 Minz_User::CURRENT_USER => $username,
 'passwordHash' => FreshRSS_Context::userConf()->passwordHash,
@@ -203,6 +204,7 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
 $ok = password_verify($password, $s);
 unset($password);
 if ($ok) {
+ Minz_Session::regenerateID('FreshRSS');
 Minz_Session::_params([
 Minz_User::CURRENT_USER => $username,
 'passwordHash' => $s,
@@ -243,6 +245,7 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
 )) {
 Minz_Request::setBadNotification(_t('feedback.auth.login.invalid'));
 } else {
+ Minz_Session::regenerateID('FreshRSS');
 Minz_Session::_param('lastReauth', time());
 Minz_Request::forward($redirect, true);
 return;
@@ -259,12 +262,7 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
 if (Minz_Request::isPost()) {
 invalidateHttpCache();
 FreshRSS_Auth::removeAccess();
-
- ini_set('session.use_cookies', '1');
- Minz_Session::lock();
- Minz_Session::regenerateID();
- Minz_Session::unlock();
-
+ Minz_Session::regenerateID('FreshRSS');
 Minz_Request::good(_t('feedback.auth.logout.success'), [ 'c' => 'index', 'a' => 'index' ]);
 } else {
 Minz_Error::error(403);
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 0acdc65c7..67a97c45a 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
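Review bot: The existing comment `// Set session parameter to give access to the user.` in the first hunk (line 152) now sits above the inserted `Minz_Session::regenerateID('FreshRSS');` instead of above the `Minz_Session::_params([` call it describes, and the new call carries no why-comment; the hunks at lines 204 and 245 add the same bare call. Regenerating before the authenticated parameters are written is the right order for defeating session fixation, so say so where it happens: `// Regenerate the session ID before granting access, so an ID issued before login cannot be reused.` above the new call, with the original comment moved down to `_params`. The session name literal `'FreshRSS'` is now repeated at every call site in both files; a default for that parameter in `Minz_Session::regenerateID` or one shared constant would keep the call sites from drifting. The enclosing method bodies start and end outside these hunks.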
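Review bot: In the hunk at line 262, presumably the logout action given the `feedback.auth.logout.success` message, the explicit `ini_set('session.use_cookies', '1')` / `lock()` / `regenerateID()` / `unlock()` sequence is replaced by a single `Minz_Session::regenerateID('FreshRSS');`, so whether the previous session's server-side data is actually discarded now depends entirely on that helper, which this diff does not show. The commit message says the old session file is deleted; that is worth confirming in the helper (the equivalent of `session_regenerate_id(true)` plus sending the new cookie), because otherwise the pre-logout ID stays valid until garbage collection regardless of what `FreshRSS_Auth::removeAccess()` clears for the current request. A one-line comment at the call, `// Also discards the previous session data (see Minz_Session::regenerateID).`, would record that dependency for the next reader. The method's signature lies outside the hunk.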
@@ -149,10 +149,7 @@ class FreshRSS_user_Controller extends FreshRSS_ActionController {
 return;
 }
- ini_set('session.use_cookies', '1');
- Minz_Session::lock();
- Minz_Session::regenerateID();
- Minz_Session::unlock();
+ Minz_Session::regenerateID('FreshRSS');
 }
 if (FreshRSS_Context::systemConf()->force_email_validation && empty($email)) { |
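Review bot: The new `Minz_Session::regenerateID('FreshRSS');` here has no comment saying why the session is regenerated at this point, and the enclosing method starts and ends outside the hunk, so the event that triggers it is not visible; from its position just before the `force_email_validation` check it looks like a profile or credential update, but that is inferred. A short why-comment, e.g. `// Credentials changed: issue a fresh session ID so previously issued IDs stop being accepted.`, adjusted to whatever the preceding block actually does, would make the intent reviewable without opening the helper. Note also that this hunk's header counts (10 old / 7 new lines) exceed the 8 / 5 lines shown, which looks like blank context lines lost in rendering rather than a code issue.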
