$string['configrcachettl'] = 'Time-to-live for cached records, in seconds. Use a short (<15) value here.';
$string['configrecaptchaprivatekey'] = 'String of characters used to communicate between your Moodle server and the recaptcha.net server. Obtain one for this site by visiting http://recaptcha.net';
$string['configrecaptchapublickey'] = 'String of characters used to display the reCAPTCHA element in the signup form. Generated by http://recaptcha.net';
+$string['configregenloginsession'] = 'Regeneration of the session id during each login request is highly recommended. This setting might not be compatible with some authentication plugins.';
$string['configrequestedstudentname'] = 'Word for student used in requested courses';
$string['configrequestedstudentsname'] = 'Word for students used in requested courses';
$string['configrequestedteachername'] = 'Word for teacher used in requested courses';
$string['rcachettl'] = 'Record cache TTL';
$string['recaptchapublickey'] = 'ReCAPTCHA public key';
$string['recaptchaprivatekey'] = 'ReCAPTCHA private key';
+$string['regenloginsession'] = 'Regenerate session id during login';
$string['registration'] = 'Registration';
$string['releasenoteslink'] = 'For information about this version of Moodle, please see the online <a target=\"_blank\" href=\"$a\">Release Notes</a>';
$string['remotelangnotavailable'] = 'Because Moodle can not connect to download.moodle.org, we are unable to do language pack installation automatically. Please download the appropriate zip file(s) from the list below, copy them to your $a directory and unzip them manually.';
function complete_user_login($user, $setcookie=true) {
global $CFG, $USER, $SESSION;
+ // regenerate session id and delete old session,
+ // this helps prevent session fixation attacks from the same domain
+ session_regenerate_id(true);
+
// check enrolments, load caps and setup $USER object
session_set_user($user);
projects / moodle.git / commitdiff