From ccc18b4b1cfc754e3367c7a60a4b7d9a71e28cc2 Mon Sep 17 00:00:00 2001
From: Jacek Kowalski <Jacek@jacekk.info>
Date: Wed, 07 Aug 2019 15:13:32 +0000
Subject: [PATCH] Regenerate session ID before setting authentication data

---
 uphpCAS.php |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/uphpCAS.php b/uphpCAS.php
index 98a3134..1633119 100644
--- a/uphpCAS.php
+++ b/uphpCAS.php
@@ -148,6 +148,7 @@
 			return $_SESSION[$this->sessionName];
 		} elseif(isset($_REQUEST['ticket'])) {
 			$user = $this->verifyTicket($_REQUEST['ticket']);
+			session_regenerate_id();
 			$_SESSION[$this->sessionName] = $user;
 			return $user;
 		} else {

--
Gitblit v1.9.1