fec41e7539
There were code paths that nowadays call ISession::login directly thus bypassing the desired regeneration of the session ID. This moves the session regeneration deeper into the session handling and thus ensures that it is always called. Furthermore, I also added the session regeneration to the remember me cookie plus added some test case expectations for this. |
||
|---|---|---|
| .. | ||
| cryptosessiondata.php | ||
| cryptowrapper.php | ||
| internal.php | ||
| memory.php | ||
| session.php | ||