force regenerate session id on successful login, remove previous blank SID check

[tt-rss.git] / include / functions.php

diff --git a/include/functions.php b/include/functions.php
index d88e96dd600ce75b3f32a6fcbb4d4099cd05ce2d..3cd21969d27f90f3b86d509832b1c8bfb7d2f6fc 100755 (executable)
--- a/include/functions.php
+++ b/include/functions.php
@@ -712,7 +712,14 @@
                        }
 
                        if ($user_id && !$check_only) {
-                               @session_start();
+
+                               if (session_status() != PHP_SESSION_NONE) {
+                                       session_destroy();
+                                       session_commit();
+                               }
+
+                               session_start();
+                               session_regenerate_id(true);
 
                                $_SESSION["uid"] = $user_id;
                                $_SESSION["version"] = VERSION_STATIC;