Add regenerate session after login for fixing possible security issue

pheditor · Oct 3, 2021 · 15d7f58 · 15d7f58
1 parent 957014a
commit 15d7f58
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/pheditor.php b/pheditor.php
@@ -143,6 +143,8 @@
 if (empty(PASSWORD) === false && (isset($_SESSION['pheditor_admin']) === false || $_SESSION['pheditor_admin'] !== true)) {
 	if (isset($_POST['pheditor_password']) && empty($_POST['pheditor_password']) === false) {
 		if (hash('sha512', $_POST['pheditor_password']) === PASSWORD) {
+			session_regenerate_id(true);
+
 			$_SESSION['pheditor_admin'] = true;
 
 			redirect();
@@ -172,6 +174,8 @@
 if (isset($_GET['logout'])) {
 	unset($_SESSION['pheditor_admin']);
 
+	session_destroy();
+
 	redirect();
 }