diff --git a/web/includes/functions.php b/web/includes/functions.php
index 36a80cf2e..970a5a822 100644
--- a/web/includes/functions.php
+++ b/web/includes/functions.php
@@ -56,6 +56,7 @@ function userLogin( $username, $password="", $passwordHashed=false ) {
 if ( ZM_AUTH_TYPE == "builtin" ) {
 $_SESSION['passwordHash'] = $user['Password'];
 }
+ session_regenerate_id();
 } else {
 Warning( "Login denied for user \"$username\"" );
 $_SESSION['loginFailed'] = true;
diff --git a/web/index.php b/web/index.php
index 56f7983ba..9ce84199e 100644
--- a/web/index.php
+++ b/web/index.php
@@ -112,6 +112,16 @@ if ( !file_exists( ZM_SKIN_PATH ) )
 Fatal( "Invalid skin '$skin'" );
 $skinBase[] = $skin;
+$currentCookieParams = session_get_cookie_params();
+Debug('Setting cookie parameters to lifetime('.$currentCookieParams['lifetime'].') path('.$currentCookieParams['path'].') domain ('.$currentCookieParams['domain'].') secure('.$currentCookieParams['secure'].') httpOnly(1)');
+session_set_cookie_params(
+ $currentCookieParams["lifetime"],
+ $currentCookieParams["path"],
+ $currentCookieParams["domain"],
+ $currentCookieParams["secure"],
+ true
+);
 ini_set( "session.name", "ZMSESSID" );
 session_start();
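Review bot: The new `session_regenerate_id();` in the success branch of userLogin issues a fresh ID but leaves the pre-login session data on the server under the old ID until garbage collection, so an ID that was known before authentication stays usable for a while; in a login handler the old session should be discarded as well, `session_regenerate_id(true);`. Regenerating after `$_SESSION['passwordHash']` has been written is fine, since the session data is carried over to the new ID. A one-line comment on the call would help the next reader, e.g. `// rotate the session ID on successful login so a pre-auth ID cannot be reused`. userLogin begins and ends outside this hunk, so whether `$_SESSION['user']` is set before or after this point cannot be checked here.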
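Review bot: The `secure` argument to `session_set_cookie_params` is passed through unchanged from `session_get_cookie_params()`, so on an HTTPS deployment where php.ini leaves `session.cookie_secure` off the ZMSESSID cookie is still sent over plain HTTP; consider deriving it from the request as well, `$currentCookieParams["secure"] || !empty($_SERVER['HTTPS']),`, assuming index.php has no other transport detection elsewhere. The Debug line concatenates the same `secure` value, which is a bool, so a false value prints as `secure()`; `(int)$currentCookieParams['secure']` gives a readable 0/1. Setting the parameters before `ini_set("session.name", ...)` and `session_start()` is the correct order; note that this positional form cannot express SameSite, which would need the array form on PHP 7.3+ if that becomes a requirement.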