From e17dde0dca62aec7c9a1f33a8eb795350ef91d99 Mon Sep 17 00:00:00 2001
From: slawkens
Date: Mon, 27 Nov 2023 23:52:36 +0100
Subject: [PATCH] Fix session fixation
---
 system/pages/account/login.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/system/pages/account/login.php b/system/pages/account/login.php
index 557aeb86..c063c28e 100644
--- a/system/pages/account/login.php
+++ b/system/pages/account/login.php
@@ -59,6 +59,7 @@ if(!$logged && isset($_POST['account_login'], $_POST['password_login']))
 && (!isset($t) || $t['attempts'] < 5)
 )
 {
+ session_regenerate_id();
 setSession('account', $account_logged->getId());
 setSession('password', encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $login_password));
 if($remember_me) {
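Review bot: The return value of `session_regenerate_id()` on the added line is ignored, so if regeneration fails (it returns false, for example when no session is active or headers have already been sent) the login still proceeds under the pre-login session ID and the fixation fix silently does not apply. Checking the result and refusing to write the account into the session on failure would close that gap, e.g. `if (!session_regenerate_id(true)) { /* abort login, log the failure */ }`. Passing `true` also deletes the pre-login session's stored data instead of leaving it until garbage collection. Whether a session is always active at this point cannot be seen from the hunk, and the enclosing `if` block starts and ends outside it.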