[icinga-checkins] icinga.org: icingaweb2/bugfix/basic-auth-api-only-11151: Regenerate a session ID only if the session exists

git at icinga.org git at icinga.org
Mon Feb 15 11:59:20 CET 2016


Module: icingaweb2
Branch: bugfix/basic-auth-api-only-11151
Commit: c5281935c6ff7d7b208e43794cbef21070acc090
URL:    https://git.icinga.org/?p=icingaweb2.git;a=commit;h=c5281935c6ff7d7b208e43794cbef21070acc090

Author: Alexander A. Klimov <alexander.klimov at netways.de>
Date:   Mon Feb 15 11:14:37 2016 +0100

Regenerate a session ID only if the session exists

refs #11151

---

 library/Icinga/Web/Session/PhpSession.php |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/library/Icinga/Web/Session/PhpSession.php b/library/Icinga/Web/Session/PhpSession.php
index 06fd08b..0c10cde 100644
--- a/library/Icinga/Web/Session/PhpSession.php
+++ b/library/Icinga/Web/Session/PhpSession.php
@@ -213,7 +213,9 @@ class PhpSession extends Session
     public function refreshId()
     {
         $this->open();
-        session_regenerate_id();
+        if ($this->exists()) {
+            session_regenerate_id();
+        }
         session_write_close();
         $this->hasBeenTouched = true;
     }



More information about the icinga-checkins mailing list