Here's the documentation for that function: http://php.net/manual/en/function.session-regenerate-id.php And here's some background on session fixation: https://www.owasp.org/index.php/Session_fixation
@@ -79,7 +79,9 @@ if (isset($_POST['user']) && isset($_POST['password'])) {
else {
$_SESSION['language'] = 'en';
}
-
+
+ // Regenerate session id to prevent session fixation
+ session_regenerate_id();
// Redirect request to control panel interface
if (!empty($_SESSION['request_uri'])) {
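Review bot: The added `session_regenerate_id();` uses the default argument, so the old session is not deleted and the pre-login id stays valid on the server until garbage collection removes it. An id that was planted before login may therefore still resolve to a live session, possibly carrying the values written to `$_SESSION` above, which weakens the fixation defence. Consider `session_regenerate_id(true);` so the old session is destroyed at the moment of login. The return value is also ignored, so a failed regeneration would go unnoticed before the redirect; checking for `false` and aborting the login would be safer. The enclosing `if (isset($_POST['user']) && isset($_POST['password']))` block starts and ends outside the hunk, so it cannot be confirmed from here that this call runs only after the credentials have been verified.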