Patch session fixation vuln

Arinerron · web-flow · commit c6393c87714c · 2017-02-26T17:30:36.000-08:00
Here's the documentation for that function: http://php.net/manual/en/function.session-regenerate-id.php And here's about session fixation: https://www.owasp.org/index.php/Session_fixation
diff --git a/web/login/index.php b/web/login/index.php
@@ -79,7 +79,9 @@
         else {
             $_SESSION['language'] = 'en';
         }
-
+        
+        // Regenerate session id to prevent session fixation
+        session_regenerate_id();
 
         // Redirect request to control panel interface
         if (!empty($_SESSION['request_uri'])) {
