From 4564a4a04be04418d9bc418ea158e73bbf6beb35 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9CVeLiTi=E2=80=9D?= <“info@veliti.nl”>
Date: Thu, 5 Feb 2026 16:38:19 +0100
Subject: [PATCH] Add session regeneration after token refresh to enhance security
---
 index.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/index.php b/index.php
index aeaf30f..eecb1e3 100644
--- a/index.php
+++ b/index.php
@@ -63,6 +63,8 @@ if (!isset($_SESSION['authorization']['userkey']) ||
 if (isset($responses['userkey']) && isset($responses['token_valid'])) {
 // Update session with complete response (same as login.php)
 $_SESSION['authorization'] = $responses;
+
+ session_regenerate_id(true); // Resets the session ID and timer to avoid user needs to relogin
 } else {
 // Token refresh failed - redirect to login
 session_destroy();
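Review bot: The trailing comment on the added `session_regenerate_id(true);` line describes an effect the call does not have: it issues a new session ID and deletes the old session data, but it does not reset any timer or extend the session or token lifetime. I would reword it to state the real purpose, e.g. `// Rotate the session ID after the token refresh so an ID captured earlier stops being valid`. The return value is also ignored; the call returns false when no session is active or headers were already sent, in which case the refreshed `$_SESSION['authorization']` stays under the old ID, so consider `if (!session_regenerate_id(true)) { error_log('session ID rotation failed'); }`. Because `true` removes the old session immediately, parallel requests still carrying the old cookie may lose their session, which is worth testing since this appears to run on ordinary page loads in index.php. The enclosing `if` starts above the hunk and the `else` branch continues past it.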