login: regenerates session id on login

2025-02-25 18:55:37 -06:00 · 2017-08-07 10:00:29 +02:00 · 2017-08-07 10:00:29 +02:00 · 1e5778174c
commit 1e5778174c
parent f547c93a4f
2 changed files with 9 additions and 0 deletions
--- a/pkg/api/login.go
+++ b/pkg/api/login.go
@ -143,6 +143,7 @@ func loginUserWithUser(user *m.User, c *middleware.Context) {
 		c.SetSuperSecureCookie(user.Rands+user.Password, setting.CookieRememberName, user.Login, days, setting.AppSubUrl+"/")
 	}

+	c.Session.RegenerateId(c)
 	c.Session.Set(middleware.SESS_KEY_USERID, user.Id)
 }

--- a/pkg/middleware/session.go
+++ b/pkg/middleware/session.go
@ -103,6 +103,8 @@ type SessionStore interface {
 	Destory(*Context) error
 	// init
 	Start(*Context) error
+	// RegenerateId regenerates the session id
+	RegenerateId(*Context) error
 }

 type SessionWrapper struct {
@ -116,6 +118,12 @@ func (s *SessionWrapper) Start(c *Context) error {
 	return err
 }

+func (s *SessionWrapper) RegenerateId(c *Context) error {
+	var err error
+	s.session, err = s.manager.RegenerateId(c.Context)
+	return err
+}
+
 func (s *SessionWrapper) Set(k interface{}, v interface{}) error {
 	if s.session != nil {
 		return s.session.Set(k, v)