diff options
| author | thomascube <thomas@roundcube.net> | 2011-03-08 08:07:43 +0000 |
|---|---|---|
| committer | thomascube <thomas@roundcube.net> | 2011-03-08 08:07:43 +0000 |
| commit | fb061aaecead8248d1a5cc43cc9593832d7bbdc0 (patch) | |
| tree | 2fb74f2f0c78483b22a2580d4fd3d36c03888756 /program/include | |
| parent | 6f6efa20d742579381f450400f55e8bce7d839f0 (diff) | |
Use PHPs session_regenerte_id() instead of using (unreliable) mt_rand() function (#1486281)
Diffstat (limited to 'program/include')
| -rw-r--r-- | program/include/rcube_session.php | 16 |
1 files changed, 2 insertions, 14 deletions
diff --git a/program/include/rcube_session.php b/program/include/rcube_session.php index 2bd663c83..0fc444256 100644 --- a/program/include/rcube_session.php +++ b/program/include/rcube_session.php @@ -212,20 +212,8 @@ class rcube_session $this->destroy(session_id()); $this->vars = false; - $randval = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; - - for ($random = '', $i=1; $i <= 32; $i++) { - $random .= substr($randval, mt_rand(0,(strlen($randval) - 1)), 1); - } - - // use md5 value for id - $this->key = md5($random); - session_id($this->key); - - $cookie = session_get_cookie_params(); - $lifetime = $cookie['lifetime'] ? time() + $cookie['lifetime'] : 0; - - rcmail::setcookie(session_name(), $this->key, $lifetime); + session_regenerate_id(false); + $this->key = session_id(); return true; } |