From 064660709818a7e2005a7891dbd0260956baad70 Mon Sep 17 00:00:00 2001
From: skodak
Date: Thu, 6 Aug 2009 13:25:21 +0000
Subject: [PATCH] MDL-19962 automatic regeneration of the sessio nid during each login; merging unused lang strings
---
 lang/en_utf8/admin.php | 2 ++
 lib/moodlelib.php | 4 ++++
 2 files changed, 6 insertions(+)
diff --git a/lang/en_utf8/admin.php b/lang/en_utf8/admin.php
index d0febaa221..b4ca3b02f9 100644
--- a/lang/en_utf8/admin.php
+++ b/lang/en_utf8/admin.php
@@ -239,6 +239,7 @@ $string['configrcache'] = 'Use the cache to store database records. Remember to
 $string['configrcachettl'] = 'Time-to-live for cached records, in seconds. Use a short (<15) value here.';
 $string['configrecaptchaprivatekey'] = 'String of characters used to communicate between your Moodle server and the recaptcha.net server. Obtain one for this site by visiting http://recaptcha.net';
 $string['configrecaptchapublickey'] = 'String of characters used to display the reCAPTCHA element in the signup form. Generated by http://recaptcha.net';
+$string['configregenloginsession'] = 'Regeneration of the session id during each login request is highly recommended. This setting might not be compatible with some authentication plugins.';
 $string['configrequestedstudentname'] = 'Word for student used in requested courses';
 $string['configrequestedstudentsname'] = 'Word for students used in requested courses';
 $string['configrequestedteachername'] = 'Word for teacher used in requested courses';
@@ -731,6 +732,7 @@ $string['rcache'] = 'Record cache'; $string['rcachettl'] = 'Record cache TTL'; $string['recaptchapublickey'] = 'ReCAPTCHA public key'; $string['recaptchaprivatekey'] = 'ReCAPTCHA private key'; +$string['regenloginsession'] = 'Regenerate session id during login'; $string['registration'] = 'Registration'; $string['releasenoteslink'] = 'For information about this version of Moodle, please see the online Release Notes'; $string['remotelangnotavailable'] = 'Because Moodle can not connect to download.moodle.org, we are unable to do language pack installation automatically. Please download the appropriate zip file(s) from the list below, copy them to your $a directory and unzip them manually.'; diff --git a/lib/moodlelib.php b/lib/moodlelib.php index b16c9c9149..e31ef01824 100644 --- a/lib/moodlelib.php +++ b/lib/moodlelib.php @@ -3497,6 +3497,10 @@ function authenticate_user_login($username, $password) { function complete_user_login($user, $setcookie=true) { global $CFG, $USER, $SESSION; + // regenerate session id and delete old session, + // this helps prevent session fixation attacks from the same domain + session_regenerate_id(true); + // check enrolments, load caps and setup $USER object session_set_user($user); -- 2.39.5
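Review bot: The return value of `session_regenerate_id(true)` in complete_user_login() is ignored, so if regeneration fails (for example because no session is active or headers were already sent) the login proceeds on the pre-authentication session id and the fixation protection is silently absent. Consider checking it before `session_set_user($user)` binds the user to the session, e.g. `if (!session_regenerate_id(true)) { error_log('complete_user_login: session id not regenerated'); }`; whether to also refuse the login is a policy decision. The call is unconditional here, while the strings added to lang/en_utf8/admin.php in this same patch describe a `regenloginsession` setting that might not be compatible with some authentication plugins, so the comment should state that no setting is consulted on this branch. The function body continues past the end of the hunk.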