From fb061aaecead8248d1a5cc43cc9593832d7bbdc0 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Tue, 8 Mar 2011 08:07:43 +0000
Subject: Use PHPs session_regenerte_id() instead of using (unreliable)
 mt_rand() function (#1486281)

---
 program/include/rcube_session.php | 16 ++--------------
 1 file changed, 2 insertions(+), 14 deletions(-)

(limited to 'program/include')

diff --git a/program/include/rcube_session.php b/program/include/rcube_session.php
index 2bd663c83..0fc444256 100644
--- a/program/include/rcube_session.php
+++ b/program/include/rcube_session.php
@@ -212,20 +212,8 @@ class rcube_session
     $this->destroy(session_id());
     $this->vars = false;
 
-    $randval = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
-
-    for ($random = '', $i=1; $i <= 32; $i++) {
-      $random .= substr($randval, mt_rand(0,(strlen($randval) - 1)), 1);
-    }
-
-    // use md5 value for id
-    $this->key = md5($random);
-    session_id($this->key);
-
-    $cookie   = session_get_cookie_params();
-    $lifetime = $cookie['lifetime'] ? time() + $cookie['lifetime'] : 0;
-
-    rcmail::setcookie(session_name(), $this->key, $lifetime);
+    session_regenerate_id(false);
+    $this->key = session_id();
 
     return true;
   }
-- 
cgit v1.2.3