Diffstat (limited to 'includes/specials/SpecialUserlogin.php')
-rw-r--r--includes/specials/SpecialUserlogin.php19
1 files changed, 19 insertions, 0 deletions
diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php
index 764ff401..4c5a2376 100644
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -745,6 +745,8 @@ class LoginForm extends SpecialPage {
$userLang = Language::factory( $code );
$wgLang = $userLang;
$this->getContext()->setLanguage( $userLang );
+ // Reset SessionID on Successful login (bug 40995)
+ $this->renewSessionId();
return $this->successfulLogin();
} else {
return $this->cookieRedirectCheck( 'login' );
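Review bot: The session ID is renewed at this one call site rather than inside `successfulLogin()` or wherever the authenticated session is first established, so any other path that logs a user in would keep its pre-authentication ID. The enclosing method starts and ends outside this hunk, and no other callers are visible here, so this needs checking against the rest of the class (account creation with automatic login is the usual candidate). If more than one path exists, calling `$this->renewSessionId();` from the shared step would keep the bug 40995 fix from depending on each caller remembering it. The comment could also name the threat, for example `// Renew the session ID on successful login to prevent session fixation (bug 40995)`.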
@@ -1179,6 +1181,23 @@ class LoginForm extends SpecialPage {
$wgRequest->setSessionData( 'wsCreateaccountToken', null );
}
+ /**
+ * Renew the user's session id, using strong entropy
+ */
+ private function renewSessionId() {
+ if ( wfCheckEntropy() ) {
+ session_regenerate_id( false );
+ } else {
+ //If we don't trust PHP's entropy, we have to replace the session manually
+ $tmp = $_SESSION;
+ session_unset();
+ session_write_close();
+ session_id( MWCryptRand::generateHex( 32 ) );
+ session_start();
+ $_SESSION = $tmp;
+ }
+ }
+
/**
* @private
*/
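Review bot: The two branches of `renewSessionId()` treat the old session differently: the fallback empties it with `session_unset()` before `session_write_close()`, while `session_regenerate_id( false )` leaves whatever was stored under the old ID in place until garbage collection. For a session-fixation fix the old ID should carry nothing useful on either path, so consider `session_regenerate_id( true )`, or add a comment such as `// old session record kept on purpose: <reason>` if it is retained deliberately. The fallback also ignores the return value of `session_start()`, so a failure there would go unnoticed while `$_SESSION = $tmp;` still runs. The docblock says only "using strong entropy"; it could state that the session data is carried over to the new ID and that the method exists to defeat session fixation at login.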