Move session_regenerate_id to `login()`

lib/private/user.php

@@ -227,6 +227,7 @@ class OC_User {
 	 * Log in a user and regenerate a new session - if the password is ok
 	 */
 	public static function login($uid, $password) {
+		session_regenerate_id(true);
 		return self::getUserSession()->login($uid, $password);
 	}