Till Brehm
2016-07-23 aae7dceb7968fb8fe18b6065ee30ac86f3bcaee3
Make session ID regeneration configurable in security_settings.ini
2 files modified
12 ■■■■ changed files
interface/web/login/index.php 11 ●●●●
security/security_settings.ini 1 ●●●●
interface/web/login/index.php
@@ -216,8 +216,15 @@
                        $user = $app->db->toLower($user);
                        
                        if ($loginAs) $oldSession = $_SESSION['s'];
                        // Session regenerate causes login problems on some systems, have to find a better way. see Issue #3827
                        //if (!$loginAs) session_regenerate_id(true);
                        // Session regenerate causes login problems on some systems, see Issue #3827
                        // Set session_regenerate_id to no in security settings, it you encounter
                        // this problem.
                        $app->uses('getconf');
                        $security_config = $app->getconf->get_security_config('permissions');
                        if(isset($security_config['session_regenerate_id']) && $security_config['session_regenerate_id'] == 'yes') {
                            if (!$loginAs) session_regenerate_id(true);
                        }
                        $_SESSION = array();
                        if ($loginAs) $_SESSION['s_old'] = $oldSession; // keep the way back!
                        $_SESSION['s']['user'] = $user;
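Review bot: The guard around `session_regenerate_id(true)` fails open: if `session_regenerate_id` is missing from the `permissions` section (for example a security_settings.ini that predates this key; whether updates rewrite that file is not visible here), the `isset(...) && ... == 'yes'` test is false and the pre-login session ID survives authentication, which leaves the login open to session fixation. Regeneration should be the default and be skipped only on an explicit opt-out, e.g. `if(!isset($security_config['session_regenerate_id']) || $security_config['session_regenerate_id'] !== 'no') {`. The new comment should also state the cost of the opt-out and fix the "it you encounter" typo, e.g. `// Set session_regenerate_id=no only if you encounter this problem; the pre-login session ID is then kept after login.` The `$loginAs` path still never regenerates the ID, and the enclosing login block starts and ends outside this hunk, so whether that is deliberate cannot be judged from the lines shown.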
security/security_settings.ini
@@ -16,6 +16,7 @@
admin_allow_software_repo=superadmin
remote_api_allowed=yes
password_reset_allowed=yes
session_regenerate_id=yes
[ids]
ids_enabled=no