Why does new user() need session regeneration?
Hi to all (especially Concrete 5 core team),
I was looking for a way to build my own cart application in Concrete 5. When I was examining the User class, I saw that after a successful login, the __construct() function "regenerates the session". (So the sID taken from PHP changes after each successful login.)
I was wondering why Concrete5 needs to regenerate the session?
(Security reasons?)
(I simply removed the "Users:regenerateSession()" lines in the User class, and it seems to me that everything continues to work without any warnings/errors...)
Thanks a lot from now,
Cfh
http://en.wikipedia.org/wiki/Session_fixation#Regenerate_SID_on_eac...
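The session-fixation defence the link refers to, as an added example that is not part of the thread and not Concrete5's own code: a login routine that issues a fresh session ID once credentials are verified, with a switch showing that leaving the call out raises no error but keeps the pre-login ID valid. `check_credentials()`, `login()`, the `uID` key and the demo account are assumptions made for the illustration.

```php
<?php
// Added example, not Concrete5 code. check_credentials(), login() and the
// 'uID' session key are hypothetical names; the demo account is constructed.

// Must be set before session_start(): reject IDs the server did not issue,
// accept the ID from the cookie only, and keep it away from page scripts.
ini_set('session.use_strict_mode', '1');
ini_set('session.use_only_cookies', '1');
ini_set('session.cookie_httponly', '1');

function check_credentials(string $name, string $pass): ?int
{
    // Constructed stand-in for a real user lookup: one demo account.
    static $demoHash = null;
    $demoHash ??= password_hash('correct horse', PASSWORD_DEFAULT);
    return ($name === 'demo' && password_verify($pass, $demoHash)) ? 1 : null;
}

function login(string $name, string $pass, bool $regenerate = true): bool
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $uID = check_credentials($name, $pass);
    if ($uID === null) {
        return false;
    }
    if ($regenerate) {
        // The ID presented before authentication may be known to a third
        // party. Issue a new one and delete the old session record (true),
        // so the old ID no longer maps to the authenticated session.
        session_regenerate_id(true);
    }
    $_SESSION['uID'] = $uID;
    return true;
}

if (PHP_SAPI === 'cli') {
    // Constructed demo: compare the session ID before and after login.
    session_start();
    $anonymous = session_id();
    login('demo', 'correct horse', false);
    $kept = session_id();
    login('demo', 'correct horse', true);
    $fresh = session_id();
    echo 'without regeneration, ID unchanged: ', var_export($kept === $anonymous, true), "\n";
    echo 'with regeneration, ID unchanged:    ', var_export($fresh === $anonymous, true), "\n";
}
```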