summaryrefslogtreecommitdiff
path: root/program
diff options
context:
space:
mode:
authorthomascube <thomas@roundcube.net>2011-03-08 08:07:43 +0000
committerthomascube <thomas@roundcube.net>2011-03-08 08:07:43 +0000
commitfb061aaecead8248d1a5cc43cc9593832d7bbdc0 (patch)
tree2fb74f2f0c78483b22a2580d4fd3d36c03888756 /program
parent6f6efa20d742579381f450400f55e8bce7d839f0 (diff)
Use PHPs session_regenerte_id() instead of using (unreliable) mt_rand() function (#1486281)
Diffstat (limited to 'program')
-rw-r--r--program/include/rcube_session.php16
1 files changed, 2 insertions, 14 deletions
diff --git a/program/include/rcube_session.php b/program/include/rcube_session.php
index 2bd663c83..0fc444256 100644
--- a/program/include/rcube_session.php
+++ b/program/include/rcube_session.php
@@ -212,20 +212,8 @@ class rcube_session
$this->destroy(session_id());
$this->vars = false;
- $randval = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
-
- for ($random = '', $i=1; $i <= 32; $i++) {
- $random .= substr($randval, mt_rand(0,(strlen($randval) - 1)), 1);
- }
-
- // use md5 value for id
- $this->key = md5($random);
- session_id($this->key);
-
- $cookie = session_get_cookie_params();
- $lifetime = $cookie['lifetime'] ? time() + $cookie['lifetime'] : 0;
-
- rcmail::setcookie(session_name(), $this->key, $lifetime);
+ session_regenerate_id(false);
+ $this->key = session_id();
return true;
}