From 7f37350fab9d729a9350d96369ff0f453cf7b840 Mon Sep 17 00:00:00 2001
From: Alex Tselegidis <alextselegidis@gmail.com>
Date: Sat, 15 Apr 2023 14:46:30 +0200
Subject: [PATCH] Regenerate the session ID after logging in to avoid Session
 Fixation attacks

---
 application/controllers/Login.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/application/controllers/Login.php b/application/controllers/Login.php
index 8cb50972ce..bb627b750f 100644
--- a/application/controllers/Login.php
+++ b/application/controllers/Login.php
@@ -76,6 +76,8 @@ public function validate()
             {
                 throw new InvalidArgumentException('Invalid credentials provided, please try again.');
             }
+            
+            $this->session->sess_regenerate();
 
             session($user_data); // Save data in the session.