bug #408 fixed, no session_regenerate_id on early PHP 7 versions

2025-04-29 04:39:56 +03:00 · 2016-01-27 15:36:00 +01:00 · 2016-01-27 15:36:00 +01:00 · f04e4d8b4f
commit f04e4d8b4f
parent 7ae2094726
1 changed files with 2 additions and 2 deletions
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@ -945,7 +945,7 @@ function log_user($user_id, $remember_me)
  { // make sure we clean any remember me ...
    setcookie($conf['remember_me_name'], '', 0, cookie_path(),ini_get('session.cookie_domain'));
  }
-  if ( session_id()!="" )
+  if ( session_id()!="" and (version_compare(PHP_VERSION, '7') <= 0 or version_compare(PHP_VERSION, '7.0.3') >= 0))
  { // we regenerate the session for security reasons
    // see http://www.acros.si/papers/session_fixation.pdf
    session_regenerate_id(true);
@ -1597,4 +1597,4 @@ SELECT
    return create_user_auth_key($user_id, $user_status);
  }
 }
-?>
+?>